Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2023-1436
Vulnerability from cvelistv5
Published
2023-03-16 20:59
Modified
2025-02-26 15:02
Severity ?
EPSS score ?
Summary
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| reefs@jfrog.com | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ | Exploit, Third Party Advisory |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:49:11.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-1436", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T15:02:11.232279Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-26T15:02:24.639Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://mvnrepository.com", packageName: "org.codehaus.jettison:jettison", product: "jettison", vendor: "jettison", versions: [ { lessThan: "1.5.4", status: "affected", version: "0", versionType: "maven", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.</p>", }, ], value: "An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-674", description: "CWE-674 Uncontrolled Recursion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-22T04:59:51.072Z", orgId: "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", shortName: "JFROG", }, references: [ { url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], source: { discovery: "INTERNAL", }, title: "Infinite recursion in Jettison leads to denial of service when creating a crafted JSONArray", }, }, cveMetadata: { assignerOrgId: "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", assignerShortName: "JFROG", cveId: "CVE-2023-1436", datePublished: "2023-03-16T20:59:51.072Z", dateReserved: "2023-03-16T20:44:44.527Z", dateUpdated: "2025-02-26T15:02:24.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jettison_project:jettison:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.5.4\", \"matchCriteriaId\": \"6DF803CA-88D7-4FA2-8D43-4602BB8441DD\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\\n\\n\"}]", id: "CVE-2023-1436", lastModified: "2024-11-21T07:39:11.013", metrics: "{\"cvssMetricV31\": [{\"source\": \"reefs@jfrog.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}", published: "2023-03-22T06:15:09.633", references: "[{\"url\": \"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/\", \"source\": \"reefs@jfrog.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]", sourceIdentifier: "reefs@jfrog.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"reefs@jfrog.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-674\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-674\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2023-1436\",\"sourceIdentifier\":\"reefs@jfrog.com\",\"published\":\"2023-03-22T06:15:09.633\",\"lastModified\":\"2024-11-21T07:39:11.013\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"reefs@jfrog.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"reefs@jfrog.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jettison_project:jettison:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.5.4\",\"matchCriteriaId\":\"6DF803CA-88D7-4FA2-8D43-4602BB8441DD\"}]}]}],\"references\":[{\"url\":\"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/\",\"source\":\"reefs@jfrog.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}", vulnrichment: { containers: "{\"cna\": {\"affected\": [{\"collectionURL\": \"https://mvnrepository.com\", \"vendor\": \"jettison\", \"product\": \"jettison\", \"packageName\": \"org.codehaus.jettison:jettison\", \"versions\": [{\"lessThan\": \"1.5.4\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"maven\"}]}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"<p>An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.</p>\"}], \"value\": \"An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\\n\\n\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-674\", \"description\": \"CWE-674 Uncontrolled Recursion\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"48a46f29-ae42-4e1d-90dd-c1676c1e5e6d\", \"shortName\": \"JFROG\", \"dateUpdated\": \"2023-03-22T04:59:51.072Z\"}, \"references\": [{\"url\": \"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/\"}], \"source\": {\"discovery\": \"INTERNAL\"}, \"title\": \"Infinite recursion in Jettison leads to denial of service when creating a crafted JSONArray\"}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:49:11.438Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-1436\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T15:02:11.232279Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T15:02:18.403Z\"}}]}", cveMetadata: "{\"cveId\": \"CVE-2023-1436\", \"assignerOrgId\": \"48a46f29-ae42-4e1d-90dd-c1676c1e5e6d\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"JFROG\", \"dateReserved\": \"2023-03-16T20:44:44.527Z\", \"datePublished\": \"2023-03-16T20:59:51.072Z\", \"dateUpdated\": \"2025-02-26T15:02:24.639Z\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
rhsa-2023:2100
Vulnerability from csaf_redhat
Published
2023-05-03 14:05
Modified
2025-03-16 06:49
Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update
Notes
Topic
Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)
* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)
* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)
* apache-ivy: Directory Traversal (CVE-2022-37865)
* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)
* batik: Server-Side Request Forgery (CVE-2022-38398)
* batik: Server-Side Request Forgery (CVE-2022-38648)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)
* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)\n\n* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)\n\n* apache-ivy: Directory Traversal (CVE-2022-37865)\n\n* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:2100", url: "https://access.redhat.com/errata/RHSA-2023:2100", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2134292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134292", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2136128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136128", }, { category: "external", summary: "2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "2136207", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136207", }, { category: "external", summary: "2145205", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145205", }, { category: "external", summary: "2145264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145264", }, { category: "external", summary: "2150011", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150011", }, { category: "external", summary: "2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "2182188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182188", }, { category: "external", summary: "2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2187742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2187742", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2100.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update", tracking: { current_release_date: "2025-03-16T06:49:26+00:00", generator: { date: "2025-03-16T06:49:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:2100", initial_release_date: "2023-05-03T14:05:29+00:00", revision_history: [ { date: "2023-05-03T14:05:29+00:00", number: "1", summary: "Initial version", }, { date: "2023-05-03T14:05:29+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-16T06:49:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-Springboot 3.20.1", product: { name: "RHINT Camel-Springboot 3.20.1", product_id: "RHINT Camel-Springboot 3.20.1", product_identification_helper: { cpe: "cpe:/a:redhat:camel_spring_boot:3.20.1", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37533", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-02-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169924", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-net: FTP client trusts the host from PASV response by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37533", }, { category: "external", summary: "RHBZ#2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37533", url: "https://www.cve.org/CVERecord?id=CVE-2021-37533", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-net: FTP client trusts the host from PASV response by default", }, { cve: "CVE-2022-4492", cwe: { id: "CWE-550", name: "Server-generated Error Message Containing Sensitive Information", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153260", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Server identity in https connection is not checked by the undertow client", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4492", }, { category: "external", summary: "RHBZ#2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4492", url: "https://www.cve.org/CVERecord?id=CVE-2022-4492", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", }, ], release_date: "2022-12-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Server identity in https connection is not checked by the undertow client", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-31777", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145264", }, ], notes: [ { category: "description", text: "A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI.", title: "Vulnerability description", }, { category: "summary", text: "apache-spark: XSS vulnerability in log viewer UI Javascript", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31777", }, { category: "external", summary: "RHBZ#2145264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145264", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31777", url: "https://www.cve.org/CVERecord?id=CVE-2022-31777", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31777", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31777", }, ], release_date: "2022-11-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-spark: XSS vulnerability in log viewer UI Javascript", }, { cve: "CVE-2022-33681", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136207", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client's authentication data.", title: "Vulnerability description", }, { category: "summary", text: "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-33681", }, { category: "external", summary: "RHBZ#2136207", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136207", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-33681", url: "https://www.cve.org/CVERecord?id=CVE-2022-33681", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-33681", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-33681", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM", }, { cve: "CVE-2022-37865", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182188", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access.", title: "Vulnerability description", }, { category: "summary", text: "apache-ivy: Directory Traversal", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS states High according to NIST, due to the nature of this flaw, considering it's an optional attribute and there must be restrictions in other layers to prevent attacks, this flaw is taken as a Moderate following the Medium impact from Apache.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37865", }, { category: "external", summary: "RHBZ#2182188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182188", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37865", url: "https://www.cve.org/CVERecord?id=CVE-2022-37865", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37865", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37865", }, { category: "external", summary: "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy", url: "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy", }, ], release_date: "2022-11-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-ivy: Directory Traversal", }, { cve: "CVE-2022-37866", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2150011", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Ivy. This may allow an attacker to place artifacts inside and outside of Ivy's repository and overwrite artifacts that the user will use later.", title: "Vulnerability description", }, { category: "summary", text: "Ivy: Ivy Path traversal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37866", }, { category: "external", summary: "RHBZ#2150011", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150011", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37866", url: "https://www.cve.org/CVERecord?id=CVE-2022-37866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37866", }, ], release_date: "2022-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ivy: Ivy Path traversal", }, { cve: "CVE-2022-38398", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155292", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38398", }, { category: "external", summary: "RHBZ#2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38398", url: "https://www.cve.org/CVERecord?id=CVE-2022-38398", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903462", url: "http://svn.apache.org/viewvc?view=revision&revision=1903462", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1331", url: "https://issues.apache.org/jira/browse/BATIK-1331", }, { category: "external", summary: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", url: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-38648", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155295", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38648", }, { category: "external", summary: "RHBZ#2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38648", url: "https://www.cve.org/CVERecord?id=CVE-2022-38648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903625", url: "http://svn.apache.org/viewvc?view=revision&revision=1903625", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1333", url: "https://issues.apache.org/jira/browse/BATIK-1333", }, { category: "external", summary: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", url: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-38752", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129710", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38752", }, { category: "external", summary: "RHBZ#2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38752", url: "https://www.cve.org/CVERecord?id=CVE-2022-38752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", }, { cve: "CVE-2022-39368", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145205", }, ], notes: [ { category: "description", text: "A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server requests, leaving the server unable to respond.", title: "Vulnerability description", }, { category: "summary", text: "scandium: Failing DTLS handshakes may cause throttling to block processing of records", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-39368", }, { category: "external", summary: "RHBZ#2145205", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145205", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-39368", url: "https://www.cve.org/CVERecord?id=CVE-2022-39368", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-39368", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-39368", }, { category: "external", summary: "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc", url: "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc", }, ], release_date: "2022-11-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "scandium: Failing DTLS handshakes may cause throttling to block processing of records", }, { cve: "CVE-2022-40146", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155291", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery (SSRF) vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40146", }, { category: "external", summary: "RHBZ#2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40146", url: "https://www.cve.org/CVERecord?id=CVE-2022-40146", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903910", url: "http://svn.apache.org/viewvc?view=revision&revision=1903910", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1335", url: "https://issues.apache.org/jira/browse/BATIK-1335", }, { category: "external", summary: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", url: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery (SSRF) vulnerability", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40151", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134292", }, ], notes: [ { category: "description", text: "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40151", }, { category: "external", summary: "RHBZ#2134292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40151", url: "https://www.cve.org/CVERecord?id=CVE-2022-40151", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40151", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40151", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-40156", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134288", }, ], notes: [ { category: "description", text: "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40156", }, { category: "external", summary: "RHBZ#2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40156", url: "https://www.cve.org/CVERecord?id=CVE-2022-40156", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-41704", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182182", }, ], notes: [ { category: "description", text: "A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.", title: "Vulnerability description", }, { category: "summary", text: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41704", }, { category: "external", summary: "RHBZ#2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41704", url: "https://www.cve.org/CVERecord?id=CVE-2022-41704", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", }, { cve: "CVE-2022-41852", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136128", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.", title: "Vulnerability description", }, { category: "summary", text: "JXPath: untrusted XPath expressions may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41852", }, { category: "external", summary: "RHBZ#2136128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41852", url: "https://www.cve.org/CVERecord?id=CVE-2022-41852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41852", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41852", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JXPath: untrusted XPath expressions may lead to RCE attack", }, { cve: "CVE-2022-41853", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136141", }, ], notes: [ { category: "description", text: "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", title: "Vulnerability description", }, { category: "summary", text: "hsqldb: Untrusted input may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41853", }, { category: "external", summary: "RHBZ#2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41853", url: "https://www.cve.org/CVERecord?id=CVE-2022-41853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", }, { category: "external", summary: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", url: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", }, { category: "external", summary: "https://github.com/advisories/GHSA-77xx-rxvh-q682", url: "https://github.com/advisories/GHSA-77xx-rxvh-q682", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, { category: "workaround", details: "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "hsqldb: Untrusted input may lead to RCE attack", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-41881", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153379", }, ], notes: [ { category: "description", text: "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41881", }, { category: "external", summary: "RHBZ#2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41881", url: "https://www.cve.org/CVERecord?id=CVE-2022-41881", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-42890", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182183", }, ], notes: [ { category: "description", text: "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.", title: "Vulnerability description", }, { category: "summary", text: "batik: Untrusted code execution in Apache XML Graphics Batik", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42890", }, { category: "external", summary: "RHBZ#2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42890", url: "https://www.cve.org/CVERecord?id=CVE-2022-42890", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Untrusted code execution in Apache XML Graphics Batik", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-20863", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2187742", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20863", }, { category: "external", summary: "RHBZ#2187742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2187742", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20863", url: "https://www.cve.org/CVERecord?id=CVE-2023-20863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20863", }, { category: "external", summary: "https://spring.io/security/cve-2023-20863", url: "https://spring.io/security/cve-2023-20863", }, ], release_date: "2023-04-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-22602", cwe: { id: "CWE-436", name: "Interpretation Conflict", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182198", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Authentication bypass through a specially crafted HTTP request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-22602", }, { category: "external", summary: "RHBZ#2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-22602", url: "https://www.cve.org/CVERecord?id=CVE-2023-22602", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", }, ], release_date: "2023-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "shiro: Authentication bypass through a specially crafted HTTP request", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172298", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Vulnerability description", }, { category: "summary", text: "FileUpload: FileUpload DoS with excessive parts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24998", }, { category: "external", summary: "RHBZ#2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24998", url: "https://www.cve.org/CVERecord?id=CVE-2023-24998", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", url: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", }, ], release_date: "2023-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "FileUpload: FileUpload DoS with excessive parts", }, ], }
rhsa-2023:7670
Vulnerability from csaf_redhat
Published
2023-12-06 13:16
Modified
2025-03-03 16:26
Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes bug fix, enhancement and security update
Notes
Topic
Migration Toolkit for Runtimes 1.2.3 release
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Runtimes 1.2.3 Images
Security Fix(es):
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Migration Toolkit for Runtimes 1.2.3 release\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Runtimes 1.2.3 Images\n\nSecurity Fix(es):\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:7670", url: "https://access.redhat.com/errata/RHSA-2023:7670", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7670.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Runtimes bug fix, enhancement and security update", tracking: { current_release_date: "2025-03-03T16:26:56+00:00", generator: { date: "2025-03-03T16:26:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2023:7670", initial_release_date: "2023-12-06T13:16:30+00:00", revision_history: [ { date: "2023-12-06T13:16:30+00:00", number: "1", summary: "Initial version", }, { date: "2023-12-06T13:16:30+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T16:26:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Migration Toolkit for Runtimes 1 on RHEL 8", product: { name: "Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Runtimes", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", product: { name: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", product_id: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", product: { name: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", product_id: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", product: { name: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", product_id: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", product_identification_helper: { purl: "pkg:oci/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8&tag=1.2-9", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", product: { name: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", product_id: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", product: { name: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", product_id: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", product: { name: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", product_id: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8&tag=1.2-9", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", product: { name: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", product_id: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", product: { name: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", product_id: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", product: { name: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", product_id: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", product_identification_helper: { purl: "pkg:oci/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8&tag=1.2-9", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", product: { name: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", product_id: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d?arch=arm64&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", product: { name: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", product_id: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0?arch=arm64&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e?arch=arm64&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", }, product_reference: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", }, product_reference: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", }, product_reference: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", }, product_reference: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", }, product_reference: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", }, product_reference: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", }, product_reference: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", }, product_reference: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", }, product_reference: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", }, product_reference: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", }, product_reference: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", relates_to_product_reference: "8Base-MTR-1", }, ], }, vulnerabilities: [ { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", ], known_not_affected: [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-12-06T13:16:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:7670", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, ], }
rhsa-2023_2100
Vulnerability from csaf_redhat
Published
2023-05-03 14:05
Modified
2024-12-17 22:55
Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update
Notes
Topic
Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)
* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)
* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)
* apache-ivy: Directory Traversal (CVE-2022-37865)
* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)
* batik: Server-Side Request Forgery (CVE-2022-38398)
* batik: Server-Side Request Forgery (CVE-2022-38648)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)
* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)\n\n* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)\n\n* apache-ivy: Directory Traversal (CVE-2022-37865)\n\n* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:2100", url: "https://access.redhat.com/errata/RHSA-2023:2100", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2134292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134292", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2136128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136128", }, { category: "external", summary: "2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "2136207", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136207", }, { category: "external", summary: "2145205", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145205", }, { category: "external", summary: "2145264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145264", }, { category: "external", summary: "2150011", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150011", }, { category: "external", summary: "2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "2182188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182188", }, { category: "external", summary: "2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2187742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2187742", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2100.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update", tracking: { current_release_date: "2024-12-17T22:55:43+00:00", generator: { date: "2024-12-17T22:55:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:2100", initial_release_date: "2023-05-03T14:05:29+00:00", revision_history: [ { date: "2023-05-03T14:05:29+00:00", number: "1", summary: "Initial version", }, { date: "2023-05-03T14:05:29+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T22:55:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-Springboot 3.20.1", product: { name: "RHINT Camel-Springboot 3.20.1", product_id: "RHINT Camel-Springboot 3.20.1", product_identification_helper: { cpe: "cpe:/a:redhat:camel_spring_boot:3.20.1", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37533", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-02-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169924", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-net: FTP client trusts the host from PASV response by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37533", }, { category: "external", summary: "RHBZ#2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37533", url: "https://www.cve.org/CVERecord?id=CVE-2021-37533", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-net: FTP client trusts the host from PASV response by default", }, { cve: "CVE-2022-4492", cwe: { id: "CWE-550", name: "Server-generated Error Message Containing Sensitive Information", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153260", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Server identity in https connection is not checked by the undertow client", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4492", }, { category: "external", summary: "RHBZ#2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4492", url: "https://www.cve.org/CVERecord?id=CVE-2022-4492", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", }, ], release_date: "2022-12-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Server identity in https connection is not checked by the undertow client", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-31777", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145264", }, ], notes: [ { category: "description", text: "A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI.", title: "Vulnerability description", }, { category: "summary", text: "apache-spark: XSS vulnerability in log viewer UI Javascript", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31777", }, { category: "external", summary: "RHBZ#2145264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145264", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31777", url: "https://www.cve.org/CVERecord?id=CVE-2022-31777", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31777", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31777", }, ], release_date: "2022-11-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-spark: XSS vulnerability in log viewer UI Javascript", }, { cve: "CVE-2022-33681", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136207", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client's authentication data.", title: "Vulnerability description", }, { category: "summary", text: "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-33681", }, { category: "external", summary: "RHBZ#2136207", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136207", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-33681", url: "https://www.cve.org/CVERecord?id=CVE-2022-33681", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-33681", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-33681", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM", }, { cve: "CVE-2022-37865", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182188", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access.", title: "Vulnerability description", }, { category: "summary", text: "apache-ivy: Directory Traversal", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS states High according to NIST, due to the nature of this flaw, considering it's an optional attribute and there must be restrictions in other layers to prevent attacks, this flaw is taken as a Moderate following the Medium impact from Apache.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37865", }, { category: "external", summary: "RHBZ#2182188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182188", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37865", url: "https://www.cve.org/CVERecord?id=CVE-2022-37865", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37865", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37865", }, { category: "external", summary: "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy", url: "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy", }, ], release_date: "2022-11-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-ivy: Directory Traversal", }, { cve: "CVE-2022-37866", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2150011", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Ivy. This may allow an attacker to place artifacts inside and outside of Ivy's repository and overwrite artifacts that the user will use later.", title: "Vulnerability description", }, { category: "summary", text: "Ivy: Ivy Path traversal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37866", }, { category: "external", summary: "RHBZ#2150011", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150011", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37866", url: "https://www.cve.org/CVERecord?id=CVE-2022-37866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37866", }, ], release_date: "2022-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ivy: Ivy Path traversal", }, { cve: "CVE-2022-38398", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155292", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38398", }, { category: "external", summary: "RHBZ#2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38398", url: "https://www.cve.org/CVERecord?id=CVE-2022-38398", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903462", url: "http://svn.apache.org/viewvc?view=revision&revision=1903462", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1331", url: "https://issues.apache.org/jira/browse/BATIK-1331", }, { category: "external", summary: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", url: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-38648", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155295", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38648", }, { category: "external", summary: "RHBZ#2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38648", url: "https://www.cve.org/CVERecord?id=CVE-2022-38648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903625", url: "http://svn.apache.org/viewvc?view=revision&revision=1903625", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1333", url: "https://issues.apache.org/jira/browse/BATIK-1333", }, { category: "external", summary: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", url: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-38752", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129710", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38752", }, { category: "external", summary: "RHBZ#2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38752", url: "https://www.cve.org/CVERecord?id=CVE-2022-38752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", }, { cve: "CVE-2022-39368", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145205", }, ], notes: [ { category: "description", text: "A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server requests, leaving the server unable to respond.", title: "Vulnerability description", }, { category: "summary", text: "scandium: Failing DTLS handshakes may cause throttling to block processing of records", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-39368", }, { category: "external", summary: "RHBZ#2145205", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145205", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-39368", url: "https://www.cve.org/CVERecord?id=CVE-2022-39368", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-39368", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-39368", }, { category: "external", summary: "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc", url: "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc", }, ], release_date: "2022-11-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "scandium: Failing DTLS handshakes may cause throttling to block processing of records", }, { cve: "CVE-2022-40146", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155291", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery (SSRF) vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40146", }, { category: "external", summary: "RHBZ#2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40146", url: "https://www.cve.org/CVERecord?id=CVE-2022-40146", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903910", url: "http://svn.apache.org/viewvc?view=revision&revision=1903910", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1335", url: "https://issues.apache.org/jira/browse/BATIK-1335", }, { category: "external", summary: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", url: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery (SSRF) vulnerability", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40151", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134292", }, ], notes: [ { category: "description", text: "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40151", }, { category: "external", summary: "RHBZ#2134292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40151", url: "https://www.cve.org/CVERecord?id=CVE-2022-40151", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40151", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40151", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-40156", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134288", }, ], notes: [ { category: "description", text: "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40156", }, { category: "external", summary: "RHBZ#2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40156", url: "https://www.cve.org/CVERecord?id=CVE-2022-40156", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-41704", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182182", }, ], notes: [ { category: "description", text: "A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.", title: "Vulnerability description", }, { category: "summary", text: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41704", }, { category: "external", summary: "RHBZ#2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41704", url: "https://www.cve.org/CVERecord?id=CVE-2022-41704", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", }, { cve: "CVE-2022-41852", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136128", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.", title: "Vulnerability description", }, { category: "summary", text: "JXPath: untrusted XPath expressions may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41852", }, { category: "external", summary: "RHBZ#2136128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41852", url: "https://www.cve.org/CVERecord?id=CVE-2022-41852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41852", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41852", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JXPath: untrusted XPath expressions may lead to RCE attack", }, { cve: "CVE-2022-41853", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136141", }, ], notes: [ { category: "description", text: "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", title: "Vulnerability description", }, { category: "summary", text: "hsqldb: Untrusted input may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41853", }, { category: "external", summary: "RHBZ#2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41853", url: "https://www.cve.org/CVERecord?id=CVE-2022-41853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", }, { category: "external", summary: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", url: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", }, { category: "external", summary: "https://github.com/advisories/GHSA-77xx-rxvh-q682", url: "https://github.com/advisories/GHSA-77xx-rxvh-q682", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, { category: "workaround", details: "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "hsqldb: Untrusted input may lead to RCE attack", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-41881", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153379", }, ], notes: [ { category: "description", text: "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41881", }, { category: "external", summary: "RHBZ#2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41881", url: "https://www.cve.org/CVERecord?id=CVE-2022-41881", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-42890", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182183", }, ], notes: [ { category: "description", text: "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.", title: "Vulnerability description", }, { category: "summary", text: "batik: Untrusted code execution in Apache XML Graphics Batik", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42890", }, { category: "external", summary: "RHBZ#2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42890", url: "https://www.cve.org/CVERecord?id=CVE-2022-42890", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Untrusted code execution in Apache XML Graphics Batik", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-20863", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2187742", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20863", }, { category: "external", summary: "RHBZ#2187742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2187742", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20863", url: "https://www.cve.org/CVERecord?id=CVE-2023-20863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20863", }, { category: "external", summary: "https://spring.io/security/cve-2023-20863", url: "https://spring.io/security/cve-2023-20863", }, ], release_date: "2023-04-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-22602", cwe: { id: "CWE-436", name: "Interpretation Conflict", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182198", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Authentication bypass through a specially crafted HTTP request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-22602", }, { category: "external", summary: "RHBZ#2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-22602", url: "https://www.cve.org/CVERecord?id=CVE-2023-22602", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", }, ], release_date: "2023-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "shiro: Authentication bypass through a specially crafted HTTP request", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172298", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Vulnerability description", }, { category: "summary", text: "FileUpload: FileUpload DoS with excessive parts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24998", }, { category: "external", summary: "RHBZ#2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24998", url: "https://www.cve.org/CVERecord?id=CVE-2023-24998", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", url: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", }, ], release_date: "2023-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "FileUpload: FileUpload DoS with excessive parts", }, ], }
RHSA-2023:3663
Vulnerability from csaf_redhat
Published
2023-06-19 10:15
Modified
2025-03-14 23:17
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)\n\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n\n* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3663", url: "https://access.redhat.com/errata/RHSA-2023:3663", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2087214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087214", }, { category: "external", summary: "2116952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116952", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "2177626", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177626", }, { category: "external", summary: "2177629", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177629", }, { category: "external", summary: "2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "2207830", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207830", }, { category: "external", summary: "2207835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207835", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3663.json", }, ], title: "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", tracking: { current_release_date: "2025-03-14T23:17:08+00:00", generator: { date: "2025-03-14T23:17:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3663", initial_release_date: "2023-06-19T10:15:57+00:00", revision_history: [ { date: "2023-06-19T10:15:57+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-19T10:15:57+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T23:17:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product: { name: "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.11::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686831596-3.el8.src", product: { name: "jenkins-0:2.401.1.1686831596-3.el8.src", product_id: "jenkins-0:2.401.1.1686831596-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", product: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", product_id: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686831596-3.el8.noarch", product: { name: "jenkins-0:2.401.1.1686831596-3.el8.noarch", product_id: "jenkins-0:2.401.1.1686831596-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686831596-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", }, product_reference: "jenkins-0:2.401.1.1686831596-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686831596-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", }, product_reference: "jenkins-0:2.401.1.1686831596-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2048", cwe: { id: "CWE-410", name: "Insufficient Resource Pool", }, discovery_date: "2022-08-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2116952", }, ], notes: [ { category: "description", text: "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.", title: "Vulnerability description", }, { category: "summary", text: "http2-server: Invalid HTTP/2 requests cause DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2048", }, { category: "external", summary: "RHBZ#2116952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116952", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2048", url: "https://www.cve.org/CVERecord?id=CVE-2022-2048", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2048", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2048", }, { category: "external", summary: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", }, ], release_date: "2022-07-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http2-server: Invalid HTTP/2 requests cause DoS", }, { cve: "CVE-2022-22976", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-05-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087214", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.", title: "Vulnerability description", }, { category: "summary", text: "springframework: BCrypt skips salt rounds for work factor of 31", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22976", }, { category: "external", summary: "RHBZ#2087214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087214", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22976", url: "https://www.cve.org/CVERecord?id=CVE-2022-22976", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22976", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22976", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22976", url: "https://tanzu.vmware.com/security/cve-2022-22976", }, ], release_date: "2022-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: BCrypt skips salt rounds for work factor of 31", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-26464", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182864", }, ], notes: [ { category: "description", text: "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", title: "Vulnerability description", }, { category: "summary", text: "log4j1-socketappender: DoS via hashmap logging", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26464", }, { category: "external", summary: "RHBZ#2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26464", url: "https://www.cve.org/CVERecord?id=CVE-2023-26464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", }, { category: "external", summary: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", url: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", }, ], release_date: "2023-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j1-socketappender: DoS via hashmap logging", }, { cve: "CVE-2023-27898", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177629", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: XSS vulnerability in plugin manager", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27898", }, { category: "external", summary: "RHBZ#2177629", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177629", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27898", url: "https://www.cve.org/CVERecord?id=CVE-2023-27898", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Jenkins: XSS vulnerability in plugin manager", }, { cve: "CVE-2023-27899", cwe: { id: "CWE-378", name: "Creation of Temporary File With Insecure Permissions", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177626", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator’s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Temporary plugin file created with insecure permissions", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27899", }, { category: "external", summary: "RHBZ#2177626", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177626", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27899", url: "https://www.cve.org/CVERecord?id=CVE-2023-27899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Jenkins: Temporary plugin file created with insecure permissions", }, { cve: "CVE-2023-27903", cwe: { id: "CWE-266", name: "Incorrect Privilege Assignment", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177632", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Temporary file parameter created with insecure permissions", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27903", }, { category: "external", summary: "RHBZ#2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27903", url: "https://www.cve.org/CVERecord?id=CVE-2023-27903", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Temporary file parameter created with insecure permissions", }, { cve: "CVE-2023-27904", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177634", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Information disclosure through error stack traces related to agents", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27904", }, { category: "external", summary: "RHBZ#2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27904", url: "https://www.cve.org/CVERecord?id=CVE-2023-27904", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Information disclosure through error stack traces related to agents", }, { cve: "CVE-2023-32977", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-05-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2207830", }, ], notes: [ { category: "description", text: "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won'tfix.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-32977", }, { category: "external", summary: "RHBZ#2207830", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207830", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-32977", url: "https://www.cve.org/CVERecord?id=CVE-2023-32977", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", url: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", }, ], release_date: "2023-05-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", }, { cve: "CVE-2023-32981", discovery_date: "2023-05-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2207835", }, ], notes: [ { category: "description", text: "A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing \"dot dot\" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won'tfix.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-32981", }, { category: "external", summary: "RHBZ#2207835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207835", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-32981", url: "https://www.cve.org/CVERecord?id=CVE-2023-32981", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", url: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", }, ], release_date: "2023-05-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin", }, ], }
rhsa-2023:3667
Vulnerability from csaf_redhat
Published
2023-06-19 16:32
Modified
2025-03-03 16:25
Summary
Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update
Notes
Topic
Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Security Fix(es):
* CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray
* CVE-2021-37533 apache-commons-net: FTP client trusts the host from PASV response by default
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n\n Red Hat Product Security has rated this update as having an impact of Important.\n A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n Red Hat Product Security has rated this update as having an impact of Important.\n\n A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n Security Fix(es):\n\n * CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray\n * CVE-2021-37533 apache-commons-net: FTP client trusts the host from PASV response by default", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3667", url: "https://access.redhat.com/errata/RHSA-2023:3667", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/security/cve/cve-2023-1436", url: "https://access.redhat.com/security/cve/cve-2023-1436", }, { category: "external", summary: "https://access.redhat.com/security/cve/cve-2021-37533", url: "https://access.redhat.com/security/cve/cve-2021-37533", }, { category: "external", summary: "2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3667.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update", tracking: { current_release_date: "2025-03-03T16:25:45+00:00", generator: { date: "2025-03-03T16:25:45+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2023:3667", initial_release_date: "2023-06-19T16:32:32+00:00", revision_history: [ { date: "2023-06-19T16:32:32+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-19T16:32:32+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T16:25:45+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-Q 2.13.3", product: { name: "RHINT Camel-Q 2.13.3", product_id: "RHINT Camel-Q 2.13.3", product_identification_helper: { cpe: "cpe:/a:redhat:camel_quarkus:2.13", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37533", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-02-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169924", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-net: FTP client trusts the host from PASV response by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Q 2.13.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37533", }, { category: "external", summary: "RHBZ#2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37533", url: "https://www.cve.org/CVERecord?id=CVE-2021-37533", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T16:32:32+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Q 2.13.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Q 2.13.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-net: FTP client trusts the host from PASV response by default", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Q 2.13.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T16:32:32+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Q 2.13.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Q 2.13.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, ], }
rhsa-2023_4505
Vulnerability from csaf_redhat
Published
2023-08-07 15:18
Modified
2024-12-16 16:23
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes
bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes\nbug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4505", url: "https://access.redhat.com/errata/RHSA-2023:4505", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24720", url: "https://issues.redhat.com/browse/JBEAP-24720", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4505.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update", tracking: { current_release_date: "2024-12-16T16:23:57+00:00", generator: { date: "2024-12-16T16:23:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:4505", initial_release_date: "2023-08-07T15:18:04+00:00", revision_history: [ { date: "2023-08-07T15:18:04+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:18:04+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:23:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_id: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-27.SP12_redhat_00016.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.17-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-30.Final_redhat_00029.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-30.Final_redhat_00029.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el7eap?arch=x86_64", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product: { name: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_id: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper-debuginfo@1.0.9-1.redhat_00001.1.el7eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", }, product_reference: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:04+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4505", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:04+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4505", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:04+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4505", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
RHSA-2023:4505
Vulnerability from csaf_redhat
Published
2023-08-07 15:18
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes
bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes\nbug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4505", url: "https://access.redhat.com/errata/RHSA-2023:4505", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24720", url: "https://issues.redhat.com/browse/JBEAP-24720", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4505.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update", tracking: { current_release_date: "2025-03-15T00:11:07+00:00", generator: { date: "2025-03-15T00:11:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4505", initial_release_date: "2023-08-07T15:18:04+00:00", revision_history: [ { date: "2023-08-07T15:18:04+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:18:04+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_id: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-27.SP12_redhat_00016.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.17-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-30.Final_redhat_00029.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-30.Final_redhat_00029.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el7eap?arch=x86_64", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product: { name: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_id: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper-debuginfo@1.0.9-1.redhat_00001.1.el7eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", }, product_reference: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:04+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4505", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:04+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4505", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:04+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4505", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023_4920
Vulnerability from csaf_redhat
Published
2023-08-31 13:27
Modified
2024-12-16 16:24
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4920", url: "https://access.redhat.com/errata/RHSA-2023:4920", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4920.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 9", tracking: { current_release_date: "2024-12-16T16:24:16+00:00", generator: { date: "2024-12-16T16:24:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:4920", initial_release_date: "2023-08-31T13:27:58+00:00", revision_history: [ { date: "2023-08-31T13:27:58+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:27:58+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:24:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 9", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el9sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.9-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:58+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4920", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:58+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4920", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:58+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4920", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2024_1027
Vulnerability from csaf_redhat
Published
2024-02-28 18:13
Modified
2024-12-17 22:34
Summary
Red Hat Security Advisory: Migration Toolkit for Applications security update
Notes
Topic
An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Applications
Security Fix(es):
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* guava: insecure temporary directory creation (CVE-2023-2976)
* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Applications \n\nSecurity Fix(es):\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:1027", url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2215214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215214", }, { category: "external", summary: "2215229", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215229", }, { category: "external", summary: "2222167", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", }, { category: "external", summary: "2228743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", }, { category: "external", summary: "2233112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2233112", }, { category: "external", summary: "2256413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2256413", }, { category: "external", summary: "MTA-87", url: "https://issues.redhat.com/browse/MTA-87", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1027.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Applications security update", tracking: { current_release_date: "2024-12-17T22:34:31+00:00", generator: { date: "2024-12-17T22:34:31+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:1027", initial_release_date: "2024-02-28T18:13:39+00:00", revision_history: [ { date: "2024-02-28T18:13:39+00:00", number: "1", summary: "Initial version", }, { date: "2024-02-28T18:13:39+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T22:34:31+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "MTA 6.2 for RHEL 8", product: { name: "MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", }, }, }, { category: "product_name", name: "MTA 6.2 for RHEL 8", product: { name: "MTA 6.2 for RHEL 8", product_id: "8Base-MTA-6.2", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Applications", }, { branches: [ { category: "product_version", name: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", product: { name: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", product_id: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", product_identification_helper: { purl: "pkg:oci/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662?arch=amd64&repository_url=registry.redhat.io/mta/mta-hub-rhel9&tag=6.2.2-2", }, }, }, { category: "product_version", name: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", product: { name: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", product_id: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", product_identification_helper: { purl: "pkg:oci/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81?arch=amd64&repository_url=registry.redhat.io/mta/mta-operator-bundle&tag=6.2.2-5", }, }, }, { category: "product_version", name: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", product: { name: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", product_id: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", product_identification_helper: { purl: "pkg:oci/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67?arch=amd64&repository_url=registry.redhat.io/mta/mta-rhel8-operator&tag=6.2.2-3", }, }, }, { category: "product_version", name: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", product: { name: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", product_id: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", product_identification_helper: { purl: "pkg:oci/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508?arch=amd64&repository_url=registry.redhat.io/mta/mta-pathfinder-rhel9&tag=6.2.2-2", }, }, }, { category: "product_version", name: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", product: { name: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", product_id: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", product_identification_helper: { purl: "pkg:oci/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1?arch=amd64&repository_url=registry.redhat.io/mta/mta-ui-rhel9&tag=6.2.2-2", }, }, }, { category: "product_version", name: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", product: { name: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", product_id: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", product_identification_helper: { purl: "pkg:oci/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc?arch=amd64&repository_url=registry.redhat.io/mta/mta-windup-addon-rhel9&tag=6.2.2-3", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", }, product_reference: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", relates_to_product_reference: "8Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", }, product_reference: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", }, product_reference: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", }, product_reference: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", }, product_reference: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", }, product_reference: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46751", cwe: { id: "CWE-91", name: "XML Injection (aka Blind XPath Injection)", }, discovery_date: "2023-08-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2233112", }, ], notes: [ { category: "description", text: "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle's \"Java API for XML Processing (JAXP) Security Guide\".\n\n", title: "Vulnerability description", }, { category: "summary", text: "apache-ivy: XML External Entity vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46751", }, { category: "external", summary: "RHBZ#2233112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2233112", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46751", url: "https://www.cve.org/CVERecord?id=CVE-2022-46751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46751", }, { category: "external", summary: "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8", url: "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8", }, ], release_date: "2023-08-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-ivy: XML External Entity vulnerability", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2023-06-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215229", }, ], notes: [ { category: "description", text: "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", title: "Vulnerability description", }, { category: "summary", text: "guava: insecure temporary directory creation", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-2976", }, { category: "external", summary: "RHBZ#2215229", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215229", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-2976", url: "https://www.cve.org/CVERecord?id=CVE-2023-2976", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", }, ], release_date: "2023-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "workaround", details: "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "guava: insecure temporary directory creation", }, { cve: "CVE-2023-26159", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2256413", }, ], notes: [ { category: "description", text: "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.", title: "Vulnerability description", }, { category: "summary", text: "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()", title: "Vulnerability summary", }, { category: "other", text: "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26159", }, { category: "external", summary: "RHBZ#2256413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2256413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26159", url: "https://www.cve.org/CVERecord?id=CVE-2023-26159", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26159", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26159", }, ], release_date: "2024-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()", }, { cve: "CVE-2023-29406", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2023-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2222167", }, ], notes: [ { category: "description", text: "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: insufficient sanitization of Host header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-29406", }, { category: "external", summary: "RHBZ#2222167", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-29406", url: "https://www.cve.org/CVERecord?id=CVE-2023-29406", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", url: "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", }, ], release_date: "2023-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: insufficient sanitization of Host header", }, { cve: "CVE-2023-29409", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-08-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2228743", }, ], notes: [ { category: "description", text: "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-29409", }, { category: "external", summary: "RHBZ#2228743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-29409", url: "https://www.cve.org/CVERecord?id=CVE-2023-29409", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", }, { category: "external", summary: "https://go.dev/cl/515257", url: "https://go.dev/cl/515257", }, { category: "external", summary: "https://go.dev/issue/61460", url: "https://go.dev/issue/61460", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", url: "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2023-1987", url: "https://pkg.go.dev/vuln/GO-2023-1987", }, ], release_date: "2023-08-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", }, { cve: "CVE-2023-35116", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-06-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215214", }, ], notes: [ { category: "description", text: "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via cylic dependencies", title: "Vulnerability summary", }, { category: "other", text: "This CVE is disputed by the component developers and is under reconsideration by NIST. As such, it should be excluded from scanning utilities or other compliance systems until the dispute is finalized.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35116", }, { category: "external", summary: "RHBZ#2215214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215214", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35116", url: "https://www.cve.org/CVERecord?id=CVE-2023-35116", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35116", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35116", }, ], release_date: "2023-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "workaround", details: "jackson-databind should not be used to deserialize untrusted inputs. User inputs should be validated and sanitized before processing.", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via cylic dependencies", }, ], }
rhsa-2023:4509
Vulnerability from csaf_redhat
Published
2023-08-07 15:02
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.12 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4509", url: "https://access.redhat.com/errata/RHSA-2023:4509", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4509.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.12 security update", tracking: { current_release_date: "2025-03-15T00:11:28+00:00", generator: { date: "2025-03-15T00:11:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4509", initial_release_date: "2023-08-07T15:02:21+00:00", revision_history: [ { date: "2023-08-07T15:02:21+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:02:21+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, { cve: "CVE-2023-5379", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-10-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242099", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "undertow: AJP Request closes connection exceeding maxRequestSize", title: "Vulnerability summary", }, { category: "other", text: "Due to AJP packet size limitation by ProxyIOBufferSize (default: 8192, max: 65536) directive on httpd side, AJP packets larger than 64KB will not reach JBoss EAP. The default value of max-header-size in JBoss EAP 7 is 1048576 (1MiB), therefore, only JBoss EAP instances with max-header-size set to 64 KB or less may be affected by this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5379", }, { category: "external", summary: "RHBZ#2242099", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242099", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5379", url: "https://www.cve.org/CVERecord?id=CVE-2023-5379", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5379", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5379", }, ], release_date: "2023-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: AJP Request closes connection exceeding maxRequestSize", }, ], }
rhsa-2023:4918
Vulnerability from csaf_redhat
Published
2023-08-31 13:28
Modified
2025-03-15 00:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4918", url: "https://access.redhat.com/errata/RHSA-2023:4918", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4918.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 7", tracking: { current_release_date: "2025-03-15T00:10:57+00:00", generator: { date: "2025-03-15T00:10:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4918", initial_release_date: "2023-08-31T13:28:04+00:00", revision_history: [ { date: "2023-08-31T13:28:04+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:28:04+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:10:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el7sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.9-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:28:04+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:28:04+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:28:04+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023:3663
Vulnerability from csaf_redhat
Published
2023-06-19 10:15
Modified
2025-03-14 23:17
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)\n\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n\n* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3663", url: "https://access.redhat.com/errata/RHSA-2023:3663", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2087214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087214", }, { category: "external", summary: "2116952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116952", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "2177626", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177626", }, { category: "external", summary: "2177629", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177629", }, { category: "external", summary: "2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "2207830", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207830", }, { category: "external", summary: "2207835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207835", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3663.json", }, ], title: "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", tracking: { current_release_date: "2025-03-14T23:17:08+00:00", generator: { date: "2025-03-14T23:17:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3663", initial_release_date: "2023-06-19T10:15:57+00:00", revision_history: [ { date: "2023-06-19T10:15:57+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-19T10:15:57+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T23:17:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product: { name: "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.11::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686831596-3.el8.src", product: { name: "jenkins-0:2.401.1.1686831596-3.el8.src", product_id: "jenkins-0:2.401.1.1686831596-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", product: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", product_id: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686831596-3.el8.noarch", product: { name: "jenkins-0:2.401.1.1686831596-3.el8.noarch", product_id: "jenkins-0:2.401.1.1686831596-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686831596-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", }, product_reference: "jenkins-0:2.401.1.1686831596-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686831596-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", }, product_reference: "jenkins-0:2.401.1.1686831596-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2048", cwe: { id: "CWE-410", name: "Insufficient Resource Pool", }, discovery_date: "2022-08-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2116952", }, ], notes: [ { category: "description", text: "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.", title: "Vulnerability description", }, { category: "summary", text: "http2-server: Invalid HTTP/2 requests cause DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2048", }, { category: "external", summary: "RHBZ#2116952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116952", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2048", url: "https://www.cve.org/CVERecord?id=CVE-2022-2048", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2048", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2048", }, { category: "external", summary: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", }, ], release_date: "2022-07-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http2-server: Invalid HTTP/2 requests cause DoS", }, { cve: "CVE-2022-22976", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-05-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087214", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.", title: "Vulnerability description", }, { category: "summary", text: "springframework: BCrypt skips salt rounds for work factor of 31", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22976", }, { category: "external", summary: "RHBZ#2087214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087214", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22976", url: "https://www.cve.org/CVERecord?id=CVE-2022-22976", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22976", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22976", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22976", url: "https://tanzu.vmware.com/security/cve-2022-22976", }, ], release_date: "2022-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: BCrypt skips salt rounds for work factor of 31", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-26464", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182864", }, ], notes: [ { category: "description", text: "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", title: "Vulnerability description", }, { category: "summary", text: "log4j1-socketappender: DoS via hashmap logging", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26464", }, { category: "external", summary: "RHBZ#2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26464", url: "https://www.cve.org/CVERecord?id=CVE-2023-26464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", }, { category: "external", summary: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", url: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", }, ], release_date: "2023-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j1-socketappender: DoS via hashmap logging", }, { cve: "CVE-2023-27898", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177629", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: XSS vulnerability in plugin manager", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27898", }, { category: "external", summary: "RHBZ#2177629", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177629", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27898", url: "https://www.cve.org/CVERecord?id=CVE-2023-27898", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Jenkins: XSS vulnerability in plugin manager", }, { cve: "CVE-2023-27899", cwe: { id: "CWE-378", name: "Creation of Temporary File With Insecure Permissions", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177626", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator’s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Temporary plugin file created with insecure permissions", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27899", }, { category: "external", summary: "RHBZ#2177626", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177626", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27899", url: "https://www.cve.org/CVERecord?id=CVE-2023-27899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Jenkins: Temporary plugin file created with insecure permissions", }, { cve: "CVE-2023-27903", cwe: { id: "CWE-266", name: "Incorrect Privilege Assignment", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177632", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Temporary file parameter created with insecure permissions", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27903", }, { category: "external", summary: "RHBZ#2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27903", url: "https://www.cve.org/CVERecord?id=CVE-2023-27903", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Temporary file parameter created with insecure permissions", }, { cve: "CVE-2023-27904", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177634", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Information disclosure through error stack traces related to agents", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27904", }, { category: "external", summary: "RHBZ#2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27904", url: "https://www.cve.org/CVERecord?id=CVE-2023-27904", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Information disclosure through error stack traces related to agents", }, { cve: "CVE-2023-32977", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-05-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2207830", }, ], notes: [ { category: "description", text: "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won'tfix.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-32977", }, { category: "external", summary: "RHBZ#2207830", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207830", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-32977", url: "https://www.cve.org/CVERecord?id=CVE-2023-32977", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", url: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", }, ], release_date: "2023-05-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", }, { cve: "CVE-2023-32981", discovery_date: "2023-05-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2207835", }, ], notes: [ { category: "description", text: "A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing \"dot dot\" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won'tfix.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-32981", }, { category: "external", summary: "RHBZ#2207835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207835", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-32981", url: "https://www.cve.org/CVERecord?id=CVE-2023-32981", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", url: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", }, ], release_date: "2023-05-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin", }, ], }
rhsa-2023:4924
Vulnerability from csaf_redhat
Published
2023-08-31 13:29
Modified
2025-03-15 00:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4924", url: "https://access.redhat.com/errata/RHSA-2023:4924", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4924.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update", tracking: { current_release_date: "2025-03-15T00:10:48+00:00", generator: { date: "2025-03-15T00:10:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4924", initial_release_date: "2023-08-31T13:29:21+00:00", revision_history: [ { date: "2023-08-31T13:29:21+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:29:21+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:10:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6.5", product: { name: "Red Hat Single Sign-On 7.6.5", product_id: "Red Hat Single Sign-On 7.6.5", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6.5", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:29:21+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7.6.5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4924", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.5", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:29:21+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7.6.5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4924", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.5", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:29:21+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7.6.5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4924", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.5", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023:4507
Vulnerability from csaf_redhat
Published
2023-08-07 15:19
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4507", url: "https://access.redhat.com/errata/RHSA-2023:4507", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24722", url: "https://issues.redhat.com/browse/JBEAP-24722", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4507.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update", tracking: { current_release_date: "2025-03-15T00:11:40+00:00", generator: { date: "2025-03-15T00:11:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4507", initial_release_date: "2023-08-07T15:19:40+00:00", revision_history: [ { date: "2023-08-07T15:19:40+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:19:40+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 9", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el9eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_id: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-27.SP12_redhat_00016.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.17-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.30-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.30-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-30.Final_redhat_00029.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-30.Final_redhat_00029.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el9eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", }, product_reference: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:19:40+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4507", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:19:40+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4507", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:19:40+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4507", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
RHSA-2023:7670
Vulnerability from csaf_redhat
Published
2023-12-06 13:16
Modified
2025-03-03 16:26
Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes bug fix, enhancement and security update
Notes
Topic
Migration Toolkit for Runtimes 1.2.3 release
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Runtimes 1.2.3 Images
Security Fix(es):
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Migration Toolkit for Runtimes 1.2.3 release\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Runtimes 1.2.3 Images\n\nSecurity Fix(es):\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:7670", url: "https://access.redhat.com/errata/RHSA-2023:7670", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7670.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Runtimes bug fix, enhancement and security update", tracking: { current_release_date: "2025-03-03T16:26:56+00:00", generator: { date: "2025-03-03T16:26:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2023:7670", initial_release_date: "2023-12-06T13:16:30+00:00", revision_history: [ { date: "2023-12-06T13:16:30+00:00", number: "1", summary: "Initial version", }, { date: "2023-12-06T13:16:30+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T16:26:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Migration Toolkit for Runtimes 1 on RHEL 8", product: { name: "Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Runtimes", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", product: { name: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", product_id: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", product: { name: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", product_id: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", product: { name: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", product_id: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", product_identification_helper: { purl: "pkg:oci/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8&tag=1.2-9", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", product: { name: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", product_id: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", product: { name: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", product_id: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", product: { name: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", product_id: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8&tag=1.2-9", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", product: { name: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", product_id: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", product: { name: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", product_id: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", product: { name: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", product_id: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", product_identification_helper: { purl: "pkg:oci/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8&tag=1.2-9", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", product: { name: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", product_id: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d?arch=arm64&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", product: { name: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", product_id: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0?arch=arm64&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e?arch=arm64&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", }, product_reference: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", }, product_reference: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", }, product_reference: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", }, product_reference: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", }, product_reference: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", }, product_reference: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", }, product_reference: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", }, product_reference: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", }, product_reference: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", }, product_reference: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", }, product_reference: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", relates_to_product_reference: "8Base-MTR-1", }, ], }, vulnerabilities: [ { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", ], known_not_affected: [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-12-06T13:16:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:7670", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, ], }
rhsa-2024:1027
Vulnerability from csaf_redhat
Published
2024-02-28 18:13
Modified
2025-03-20 13:06
Summary
Red Hat Security Advisory: Migration Toolkit for Applications security update
Notes
Topic
An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Applications
Security Fix(es):
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* guava: insecure temporary directory creation (CVE-2023-2976)
* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Applications \n\nSecurity Fix(es):\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:1027", url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2215214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215214", }, { category: "external", summary: "2215229", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215229", }, { category: "external", summary: "2222167", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", }, { category: "external", summary: "2228743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", }, { category: "external", summary: "2233112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2233112", }, { category: "external", summary: "2256413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2256413", }, { category: "external", summary: "MTA-87", url: "https://issues.redhat.com/browse/MTA-87", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1027.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Applications security update", tracking: { current_release_date: "2025-03-20T13:06:43+00:00", generator: { date: "2025-03-20T13:06:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:1027", initial_release_date: "2024-02-28T18:13:39+00:00", revision_history: [ { date: "2024-02-28T18:13:39+00:00", number: "1", summary: "Initial version", }, { date: "2024-02-28T18:13:39+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-20T13:06:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "MTA 6.2 for RHEL 8", product: { name: "MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", }, }, }, { category: "product_name", name: "MTA 6.2 for RHEL 8", product: { name: "MTA 6.2 for RHEL 8", product_id: "8Base-MTA-6.2", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Applications", }, { branches: [ { category: "product_version", name: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", product: { name: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", product_id: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", product_identification_helper: { purl: "pkg:oci/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662?arch=amd64&repository_url=registry.redhat.io/mta/mta-hub-rhel9&tag=6.2.2-2", }, }, }, { category: "product_version", name: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", product: { name: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", product_id: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", product_identification_helper: { purl: "pkg:oci/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81?arch=amd64&repository_url=registry.redhat.io/mta/mta-operator-bundle&tag=6.2.2-5", }, }, }, { category: "product_version", name: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", product: { name: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", product_id: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", product_identification_helper: { purl: "pkg:oci/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67?arch=amd64&repository_url=registry.redhat.io/mta/mta-rhel8-operator&tag=6.2.2-3", }, }, }, { category: "product_version", name: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", product: { name: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", product_id: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", product_identification_helper: { purl: "pkg:oci/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508?arch=amd64&repository_url=registry.redhat.io/mta/mta-pathfinder-rhel9&tag=6.2.2-2", }, }, }, { category: "product_version", name: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", product: { name: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", product_id: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", product_identification_helper: { purl: "pkg:oci/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1?arch=amd64&repository_url=registry.redhat.io/mta/mta-ui-rhel9&tag=6.2.2-2", }, }, }, { category: "product_version", name: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", product: { name: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", product_id: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", product_identification_helper: { purl: "pkg:oci/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc?arch=amd64&repository_url=registry.redhat.io/mta/mta-windup-addon-rhel9&tag=6.2.2-3", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", }, product_reference: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", relates_to_product_reference: "8Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", }, product_reference: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", }, product_reference: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", }, product_reference: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", }, product_reference: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", }, product_reference: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46751", cwe: { id: "CWE-91", name: "XML Injection (aka Blind XPath Injection)", }, discovery_date: "2023-08-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2233112", }, ], notes: [ { category: "description", text: "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle's \"Java API for XML Processing (JAXP) Security Guide\".", title: "Vulnerability description", }, { category: "summary", text: "apache-ivy: XML External Entity vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46751", }, { category: "external", summary: "RHBZ#2233112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2233112", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46751", url: "https://www.cve.org/CVERecord?id=CVE-2022-46751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46751", }, { category: "external", summary: "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8", url: "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8", }, ], release_date: "2023-08-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-ivy: XML External Entity vulnerability", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2023-06-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215229", }, ], notes: [ { category: "description", text: "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", title: "Vulnerability description", }, { category: "summary", text: "guava: insecure temporary directory creation", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-2976", }, { category: "external", summary: "RHBZ#2215229", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215229", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-2976", url: "https://www.cve.org/CVERecord?id=CVE-2023-2976", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", }, ], release_date: "2023-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "workaround", details: "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "guava: insecure temporary directory creation", }, { cve: "CVE-2023-26159", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2256413", }, ], notes: [ { category: "description", text: "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.", title: "Vulnerability description", }, { category: "summary", text: "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()", title: "Vulnerability summary", }, { category: "other", text: "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26159", }, { category: "external", summary: "RHBZ#2256413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2256413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26159", url: "https://www.cve.org/CVERecord?id=CVE-2023-26159", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26159", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26159", }, ], release_date: "2024-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()", }, { cve: "CVE-2023-29406", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2023-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2222167", }, ], notes: [ { category: "description", text: "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: insufficient sanitization of Host header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-29406", }, { category: "external", summary: "RHBZ#2222167", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-29406", url: "https://www.cve.org/CVERecord?id=CVE-2023-29406", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", url: "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", }, ], release_date: "2023-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: insufficient sanitization of Host header", }, { cve: "CVE-2023-29409", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-08-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2228743", }, ], notes: [ { category: "description", text: "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-29409", }, { category: "external", summary: "RHBZ#2228743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-29409", url: "https://www.cve.org/CVERecord?id=CVE-2023-29409", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", }, { category: "external", summary: "https://go.dev/cl/515257", url: "https://go.dev/cl/515257", }, { category: "external", summary: "https://go.dev/issue/61460", url: "https://go.dev/issue/61460", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", url: "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2023-1987", url: "https://pkg.go.dev/vuln/GO-2023-1987", }, ], release_date: "2023-08-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", }, { cve: "CVE-2023-35116", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-06-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215214", }, ], notes: [ { category: "description", text: "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via cylic dependencies", title: "Vulnerability summary", }, { category: "other", text: "This CVE is disputed by the component developers and is under reconsideration by NIST. As such, it should be excluded from scanning utilities or other compliance systems until the dispute is finalized.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35116", }, { category: "external", summary: "RHBZ#2215214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215214", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35116", url: "https://www.cve.org/CVERecord?id=CVE-2023-35116", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35116", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35116", }, ], release_date: "2023-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "workaround", details: "jackson-databind should not be used to deserialize untrusted inputs. User inputs should be validated and sanitized before processing.", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via cylic dependencies", }, ], }
RHSA-2023:3667
Vulnerability from csaf_redhat
Published
2023-06-19 16:32
Modified
2025-03-03 16:25
Summary
Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update
Notes
Topic
Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Security Fix(es):
* CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray
* CVE-2021-37533 apache-commons-net: FTP client trusts the host from PASV response by default
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n\n Red Hat Product Security has rated this update as having an impact of Important.\n A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n Red Hat Product Security has rated this update as having an impact of Important.\n\n A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n Security Fix(es):\n\n * CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray\n * CVE-2021-37533 apache-commons-net: FTP client trusts the host from PASV response by default", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3667", url: "https://access.redhat.com/errata/RHSA-2023:3667", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/security/cve/cve-2023-1436", url: "https://access.redhat.com/security/cve/cve-2023-1436", }, { category: "external", summary: "https://access.redhat.com/security/cve/cve-2021-37533", url: "https://access.redhat.com/security/cve/cve-2021-37533", }, { category: "external", summary: "2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3667.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update", tracking: { current_release_date: "2025-03-03T16:25:45+00:00", generator: { date: "2025-03-03T16:25:45+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2023:3667", initial_release_date: "2023-06-19T16:32:32+00:00", revision_history: [ { date: "2023-06-19T16:32:32+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-19T16:32:32+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T16:25:45+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-Q 2.13.3", product: { name: "RHINT Camel-Q 2.13.3", product_id: "RHINT Camel-Q 2.13.3", product_identification_helper: { cpe: "cpe:/a:redhat:camel_quarkus:2.13", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37533", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-02-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169924", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-net: FTP client trusts the host from PASV response by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Q 2.13.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37533", }, { category: "external", summary: "RHBZ#2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37533", url: "https://www.cve.org/CVERecord?id=CVE-2021-37533", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T16:32:32+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Q 2.13.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Q 2.13.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-net: FTP client trusts the host from PASV response by default", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Q 2.13.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T16:32:32+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Q 2.13.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Q 2.13.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, ], }
rhsa-2023:4919
Vulnerability from csaf_redhat
Published
2023-08-31 13:27
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4919", url: "https://access.redhat.com/errata/RHSA-2023:4919", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4919.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 8", tracking: { current_release_date: "2025-03-15T00:11:07+00:00", generator: { date: "2025-03-15T00:11:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4919", initial_release_date: "2023-08-31T13:27:55+00:00", revision_history: [ { date: "2023-08-31T13:27:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:27:55+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 8", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el8sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.9-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
RHSA-2024:1027
Vulnerability from csaf_redhat
Published
2024-02-28 18:13
Modified
2025-03-20 13:06
Summary
Red Hat Security Advisory: Migration Toolkit for Applications security update
Notes
Topic
An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Applications
Security Fix(es):
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* guava: insecure temporary directory creation (CVE-2023-2976)
* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Applications \n\nSecurity Fix(es):\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:1027", url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2215214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215214", }, { category: "external", summary: "2215229", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215229", }, { category: "external", summary: "2222167", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", }, { category: "external", summary: "2228743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", }, { category: "external", summary: "2233112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2233112", }, { category: "external", summary: "2256413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2256413", }, { category: "external", summary: "MTA-87", url: "https://issues.redhat.com/browse/MTA-87", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1027.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Applications security update", tracking: { current_release_date: "2025-03-20T13:06:43+00:00", generator: { date: "2025-03-20T13:06:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:1027", initial_release_date: "2024-02-28T18:13:39+00:00", revision_history: [ { date: "2024-02-28T18:13:39+00:00", number: "1", summary: "Initial version", }, { date: "2024-02-28T18:13:39+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-20T13:06:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "MTA 6.2 for RHEL 8", product: { name: "MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", }, }, }, { category: "product_name", name: "MTA 6.2 for RHEL 8", product: { name: "MTA 6.2 for RHEL 8", product_id: "8Base-MTA-6.2", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Applications", }, { branches: [ { category: "product_version", name: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", product: { name: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", product_id: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", product_identification_helper: { purl: "pkg:oci/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662?arch=amd64&repository_url=registry.redhat.io/mta/mta-hub-rhel9&tag=6.2.2-2", }, }, }, { category: "product_version", name: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", product: { name: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", product_id: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", product_identification_helper: { purl: "pkg:oci/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81?arch=amd64&repository_url=registry.redhat.io/mta/mta-operator-bundle&tag=6.2.2-5", }, }, }, { category: "product_version", name: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", product: { name: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", product_id: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", product_identification_helper: { purl: "pkg:oci/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67?arch=amd64&repository_url=registry.redhat.io/mta/mta-rhel8-operator&tag=6.2.2-3", }, }, }, { category: "product_version", name: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", product: { name: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", product_id: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", product_identification_helper: { purl: "pkg:oci/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508?arch=amd64&repository_url=registry.redhat.io/mta/mta-pathfinder-rhel9&tag=6.2.2-2", }, }, }, { category: "product_version", name: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", product: { name: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", product_id: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", product_identification_helper: { purl: "pkg:oci/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1?arch=amd64&repository_url=registry.redhat.io/mta/mta-ui-rhel9&tag=6.2.2-2", }, }, }, { category: "product_version", name: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", product: { name: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", product_id: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", product_identification_helper: { purl: "pkg:oci/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc?arch=amd64&repository_url=registry.redhat.io/mta/mta-windup-addon-rhel9&tag=6.2.2-3", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", }, product_reference: "mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", relates_to_product_reference: "8Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", }, product_reference: "mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", }, product_reference: "mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", }, product_reference: "mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", }, product_reference: "mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, { category: "default_component_of", full_product_name: { name: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64 as a component of MTA 6.2 for RHEL 8", product_id: "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", }, product_reference: "mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", relates_to_product_reference: "9Base-MTA-6.2", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-45693", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155970", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45693", }, { category: "external", summary: "RHBZ#2155970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155970", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45693", url: "https://www.cve.org/CVERecord?id=CVE-2022-45693", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", }, { cve: "CVE-2022-46751", cwe: { id: "CWE-91", name: "XML Injection (aka Blind XPath Injection)", }, discovery_date: "2023-08-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2233112", }, ], notes: [ { category: "description", text: "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle's \"Java API for XML Processing (JAXP) Security Guide\".", title: "Vulnerability description", }, { category: "summary", text: "apache-ivy: XML External Entity vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46751", }, { category: "external", summary: "RHBZ#2233112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2233112", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46751", url: "https://www.cve.org/CVERecord?id=CVE-2022-46751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46751", }, { category: "external", summary: "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8", url: "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8", }, ], release_date: "2023-08-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-ivy: XML External Entity vulnerability", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2023-06-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215229", }, ], notes: [ { category: "description", text: "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", title: "Vulnerability description", }, { category: "summary", text: "guava: insecure temporary directory creation", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-2976", }, { category: "external", summary: "RHBZ#2215229", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215229", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-2976", url: "https://www.cve.org/CVERecord?id=CVE-2023-2976", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", }, ], release_date: "2023-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "workaround", details: "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "guava: insecure temporary directory creation", }, { cve: "CVE-2023-26159", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2256413", }, ], notes: [ { category: "description", text: "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.", title: "Vulnerability description", }, { category: "summary", text: "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()", title: "Vulnerability summary", }, { category: "other", text: "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26159", }, { category: "external", summary: "RHBZ#2256413", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2256413", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26159", url: "https://www.cve.org/CVERecord?id=CVE-2023-26159", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26159", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26159", }, ], release_date: "2024-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()", }, { cve: "CVE-2023-29406", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2023-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2222167", }, ], notes: [ { category: "description", text: "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: insufficient sanitization of Host header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-29406", }, { category: "external", summary: "RHBZ#2222167", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-29406", url: "https://www.cve.org/CVERecord?id=CVE-2023-29406", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", url: "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", }, ], release_date: "2023-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: insufficient sanitization of Host header", }, { cve: "CVE-2023-29409", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-08-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2228743", }, ], notes: [ { category: "description", text: "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-29409", }, { category: "external", summary: "RHBZ#2228743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-29409", url: "https://www.cve.org/CVERecord?id=CVE-2023-29409", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", }, { category: "external", summary: "https://go.dev/cl/515257", url: "https://go.dev/cl/515257", }, { category: "external", summary: "https://go.dev/issue/61460", url: "https://go.dev/issue/61460", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", url: "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2023-1987", url: "https://pkg.go.dev/vuln/GO-2023-1987", }, ], release_date: "2023-08-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", }, { cve: "CVE-2023-35116", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-06-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215214", }, ], notes: [ { category: "description", text: "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: denial of service via cylic dependencies", title: "Vulnerability summary", }, { category: "other", text: "This CVE is disputed by the component developers and is under reconsideration by NIST. As such, it should be excluded from scanning utilities or other compliance systems until the dispute is finalized.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35116", }, { category: "external", summary: "RHBZ#2215214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215214", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35116", url: "https://www.cve.org/CVERecord?id=CVE-2023-35116", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35116", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35116", }, ], release_date: "2023-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-02-28T18:13:39+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1027", }, { category: "workaround", details: "jackson-databind should not be used to deserialize untrusted inputs. User inputs should be validated and sanitized before processing.", product_ids: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTA-6.2:mta/mta-rhel8-operator@sha256:e1e6f80467054b95379c1b482800a656917e1cfd35d8fac2d4f6ff4091088a67_amd64", "9Base-MTA-6.2:mta/mta-hub-rhel9@sha256:b232b42b2de4be2d7c67ef2418070b155b79a275e2cbba343a04c22c1e016662_amd64", "9Base-MTA-6.2:mta/mta-operator-bundle@sha256:d142049160f51b71f1c9d970e23824952ca35e7c2e23d6c8753a33e727b87b81_amd64", "9Base-MTA-6.2:mta/mta-pathfinder-rhel9@sha256:781aef6a3a23c765a31e38a36ebc4c40957249888532f46a77d320f416816508_amd64", "9Base-MTA-6.2:mta/mta-ui-rhel9@sha256:2e10de6bd9bb24a03579f555b71e6ff57f2c9d74cf3b79ec42e9dba4cab628a1_amd64", "9Base-MTA-6.2:mta/mta-windup-addon-rhel9@sha256:73671e9d3c4bf624d1a6745c5002b93b158519abf6b13c7bb0e1491d873316fc_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: denial of service via cylic dependencies", }, ], }
RHSA-2023:3641
Vulnerability from csaf_redhat
Published
2023-06-15 15:23
Modified
2025-03-16 06:48
Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
Notes
Topic
Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available.
Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available.\n\nRed Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3641", url: "https://access.redhat.com/errata/RHSA-2023:3641", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3641.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release", tracking: { current_release_date: "2025-03-16T06:48:55+00:00", generator: { date: "2025-03-16T06:48:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3641", initial_release_date: "2023-06-15T15:23:47+00:00", revision_history: [ { date: "2023-06-15T15:23:47+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-15T15:23:47+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-16T06:48:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-Springboot 3.18.3.P2", product: { name: "RHINT Camel-Springboot 3.18.3.P2", product_id: "RHINT Camel-Springboot 3.18.3.P2", product_identification_helper: { cpe: "cpe:/a:redhat:camel_spring_boot:3.18", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-38752", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129710", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38752", }, { category: "external", summary: "RHBZ#2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38752", url: "https://www.cve.org/CVERecord?id=CVE-2022-38752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-40156", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134288", }, ], notes: [ { category: "description", text: "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40156", }, { category: "external", summary: "RHBZ#2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40156", url: "https://www.cve.org/CVERecord?id=CVE-2022-40156", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20883", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-05-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209342", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20883", }, { category: "external", summary: "RHBZ#2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20883", url: "https://www.cve.org/CVERecord?id=CVE-2023-20883", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", }, ], release_date: "2023-05-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", }, ], }
rhsa-2023_3663
Vulnerability from csaf_redhat
Published
2023-06-19 10:15
Modified
2024-12-17 23:05
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)\n\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n\n* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3663", url: "https://access.redhat.com/errata/RHSA-2023:3663", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2087214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087214", }, { category: "external", summary: "2116952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116952", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "2177626", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177626", }, { category: "external", summary: "2177629", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177629", }, { category: "external", summary: "2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "2207830", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207830", }, { category: "external", summary: "2207835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207835", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3663.json", }, ], title: "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", tracking: { current_release_date: "2024-12-17T23:05:24+00:00", generator: { date: "2024-12-17T23:05:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:3663", initial_release_date: "2023-06-19T10:15:57+00:00", revision_history: [ { date: "2023-06-19T10:15:57+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-19T10:15:57+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T23:05:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product: { name: "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.11::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686831596-3.el8.src", product: { name: "jenkins-0:2.401.1.1686831596-3.el8.src", product_id: "jenkins-0:2.401.1.1686831596-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", product: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", product_id: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686831596-3.el8.noarch", product: { name: "jenkins-0:2.401.1.1686831596-3.el8.noarch", product_id: "jenkins-0:2.401.1.1686831596-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686831596-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", }, product_reference: "jenkins-0:2.401.1.1686831596-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686831596-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", }, product_reference: "jenkins-0:2.401.1.1686831596-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", product_id: "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.11", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2048", cwe: { id: "CWE-410", name: "Insufficient Resource Pool", }, discovery_date: "2022-08-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2116952", }, ], notes: [ { category: "description", text: "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.", title: "Vulnerability description", }, { category: "summary", text: "http2-server: Invalid HTTP/2 requests cause DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-2048", }, { category: "external", summary: "RHBZ#2116952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116952", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-2048", url: "https://www.cve.org/CVERecord?id=CVE-2022-2048", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-2048", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-2048", }, { category: "external", summary: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", }, ], release_date: "2022-07-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http2-server: Invalid HTTP/2 requests cause DoS", }, { cve: "CVE-2022-22976", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-05-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2087214", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.", title: "Vulnerability description", }, { category: "summary", text: "springframework: BCrypt skips salt rounds for work factor of 31", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-22976", }, { category: "external", summary: "RHBZ#2087214", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087214", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-22976", url: "https://www.cve.org/CVERecord?id=CVE-2022-22976", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-22976", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22976", }, { category: "external", summary: "https://tanzu.vmware.com/security/cve-2022-22976", url: "https://tanzu.vmware.com/security/cve-2022-22976", }, ], release_date: "2022-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: BCrypt skips salt rounds for work factor of 31", }, { cve: "CVE-2022-40149", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135771", }, ], notes: [ { category: "description", text: "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: parser crash by stackoverflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40149", }, { category: "external", summary: "RHBZ#2135771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40149", url: "https://www.cve.org/CVERecord?id=CVE-2022-40149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: parser crash by stackoverflow", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-26464", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182864", }, ], notes: [ { category: "description", text: "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", title: "Vulnerability description", }, { category: "summary", text: "log4j1-socketappender: DoS via hashmap logging", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26464", }, { category: "external", summary: "RHBZ#2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26464", url: "https://www.cve.org/CVERecord?id=CVE-2023-26464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", }, { category: "external", summary: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", url: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", }, ], release_date: "2023-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j1-socketappender: DoS via hashmap logging", }, { cve: "CVE-2023-27898", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177629", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: XSS vulnerability in plugin manager", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27898", }, { category: "external", summary: "RHBZ#2177629", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177629", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27898", url: "https://www.cve.org/CVERecord?id=CVE-2023-27898", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Jenkins: XSS vulnerability in plugin manager", }, { cve: "CVE-2023-27899", cwe: { id: "CWE-378", name: "Creation of Temporary File With Insecure Permissions", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177626", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator’s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Temporary plugin file created with insecure permissions", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27899", }, { category: "external", summary: "RHBZ#2177626", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177626", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27899", url: "https://www.cve.org/CVERecord?id=CVE-2023-27899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Jenkins: Temporary plugin file created with insecure permissions", }, { cve: "CVE-2023-27903", cwe: { id: "CWE-266", name: "Incorrect Privilege Assignment", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177632", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Temporary file parameter created with insecure permissions", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27903", }, { category: "external", summary: "RHBZ#2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27903", url: "https://www.cve.org/CVERecord?id=CVE-2023-27903", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Temporary file parameter created with insecure permissions", }, { cve: "CVE-2023-27904", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177634", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Information disclosure through error stack traces related to agents", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27904", }, { category: "external", summary: "RHBZ#2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27904", url: "https://www.cve.org/CVERecord?id=CVE-2023-27904", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Information disclosure through error stack traces related to agents", }, { cve: "CVE-2023-32977", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-05-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2207830", }, ], notes: [ { category: "description", text: "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won'tfix.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-32977", }, { category: "external", summary: "RHBZ#2207830", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207830", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-32977", url: "https://www.cve.org/CVERecord?id=CVE-2023-32977", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", url: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", }, ], release_date: "2023-05-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", }, { cve: "CVE-2023-32981", discovery_date: "2023-05-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2207835", }, ], notes: [ { category: "description", text: "A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing \"dot dot\" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won'tfix.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-32981", }, { category: "external", summary: "RHBZ#2207835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2207835", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-32981", url: "https://www.cve.org/CVERecord?id=CVE-2023-32981", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", url: "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", }, ], release_date: "2023-05-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T10:15:57+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3663", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin", }, ], }
rhsa-2023_3667
Vulnerability from csaf_redhat
Published
2023-06-19 16:32
Modified
2024-12-16 16:23
Summary
Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update
Notes
Topic
Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Security Fix(es):
* CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray
* CVE-2021-37533 apache-commons-net: FTP client trusts the host from PASV response by default
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n\n Red Hat Product Security has rated this update as having an impact of Important.\n A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n Red Hat Product Security has rated this update as having an impact of Important.\n\n A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n Security Fix(es):\n\n * CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray\n * CVE-2021-37533 apache-commons-net: FTP client trusts the host from PASV response by default", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3667", url: "https://access.redhat.com/errata/RHSA-2023:3667", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/security/cve/cve-2023-1436", url: "https://access.redhat.com/security/cve/cve-2023-1436", }, { category: "external", summary: "https://access.redhat.com/security/cve/cve-2021-37533", url: "https://access.redhat.com/security/cve/cve-2021-37533", }, { category: "external", summary: "2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3667.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update", tracking: { current_release_date: "2024-12-16T16:23:48+00:00", generator: { date: "2024-12-16T16:23:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:3667", initial_release_date: "2023-06-19T16:32:32+00:00", revision_history: [ { date: "2023-06-19T16:32:32+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-19T16:32:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:23:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-Q 2.13.3", product: { name: "RHINT Camel-Q 2.13.3", product_id: "RHINT Camel-Q 2.13.3", product_identification_helper: { cpe: "cpe:/a:redhat:camel_quarkus:2.13", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37533", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-02-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169924", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-net: FTP client trusts the host from PASV response by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Q 2.13.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37533", }, { category: "external", summary: "RHBZ#2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37533", url: "https://www.cve.org/CVERecord?id=CVE-2021-37533", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T16:32:32+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Q 2.13.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Q 2.13.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-net: FTP client trusts the host from PASV response by default", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Q 2.13.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-19T16:32:32+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Q 2.13.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Q 2.13.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, ], }
RHSA-2023:4920
Vulnerability from csaf_redhat
Published
2023-08-31 13:27
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4920", url: "https://access.redhat.com/errata/RHSA-2023:4920", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4920.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 9", tracking: { current_release_date: "2025-03-15T00:11:17+00:00", generator: { date: "2025-03-15T00:11:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4920", initial_release_date: "2023-08-31T13:27:58+00:00", revision_history: [ { date: "2023-08-31T13:27:58+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:27:58+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 9", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el9sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.9-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:58+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4920", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:58+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4920", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:58+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4920", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023:3622
Vulnerability from csaf_redhat
Published
2023-06-15 09:03
Modified
2025-03-14 22:08
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)
* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)\n\n* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3622", url: "https://access.redhat.com/errata/RHSA-2023:3622", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.openshift.com/container-platform/4.13/cicd/jenkins/important-changes-to-openshift-jenkins-images.html", url: "https://docs.openshift.com/container-platform/4.13/cicd/jenkins/important-changes-to-openshift-jenkins-images.html", }, { category: "external", summary: "2066479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066479", }, { category: "external", summary: "2119646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119646", }, { category: "external", summary: "2119647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119647", }, { category: "external", summary: "2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3622.json", }, ], title: "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", tracking: { current_release_date: "2025-03-14T22:08:02+00:00", generator: { date: "2025-03-14T22:08:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3622", initial_release_date: "2023-06-15T09:03:50+00:00", revision_history: [ { date: "2023-06-15T09:03:50+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-15T09:03:50+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:08:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.13", product: { name: "OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.13::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686680404-3.el8.src", product: { name: "jenkins-0:2.401.1.1686680404-3.el8.src", product_id: "jenkins-0:2.401.1.1686680404-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686680404-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", product: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", product_id: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1686680473-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686680404-3.el8.noarch", product: { name: "jenkins-0:2.401.1.1686680404-3.el8.noarch", product_id: "jenkins-0:2.401.1.1686680404-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686680404-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1686680473-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686680404-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", }, product_reference: "jenkins-0:2.401.1.1686680404-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686680404-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", }, product_reference: "jenkins-0:2.401.1.1686680404-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, ], }, vulnerabilities: [ { cve: "CVE-2022-29599", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, discovery_date: "2022-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066479", }, ], notes: [ { category: "description", text: "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", title: "Vulnerability description", }, { category: "summary", text: "maven-shared-utils: Command injection via Commandline class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It's worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-29599", }, { category: "external", summary: "RHBZ#2066479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066479", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-29599", url: "https://www.cve.org/CVERecord?id=CVE-2022-29599", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", }, ], release_date: "2020-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "maven-shared-utils: Command injection via Commandline class", }, { cve: "CVE-2022-30953", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2022-08-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2119646", }, ], notes: [ { category: "description", text: "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.", title: "Vulnerability description", }, { category: "summary", text: "plugin: CSRF vulnerability in Blue Ocean Plugin", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30953", }, { category: "external", summary: "RHBZ#2119646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119646", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30953", url: "https://www.cve.org/CVERecord?id=CVE-2022-30953", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30953", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30953", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", url: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", }, ], release_date: "2022-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "plugin: CSRF vulnerability in Blue Ocean Plugin", }, { cve: "CVE-2022-30954", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2022-08-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2119647", }, ], notes: [ { category: "description", text: "Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.", title: "Vulnerability description", }, { category: "summary", text: "plugin: missing permission checks in Blue Ocean Plugin", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30954", }, { category: "external", summary: "RHBZ#2119647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119647", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30954", url: "https://www.cve.org/CVERecord?id=CVE-2022-30954", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30954", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30954", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", url: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", }, ], release_date: "2022-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "plugin: missing permission checks in Blue Ocean Plugin", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-27903", cwe: { id: "CWE-266", name: "Incorrect Privilege Assignment", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177632", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Temporary file parameter created with insecure permissions", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27903", }, { category: "external", summary: "RHBZ#2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27903", url: "https://www.cve.org/CVERecord?id=CVE-2023-27903", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Temporary file parameter created with insecure permissions", }, { cve: "CVE-2023-27904", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177634", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Information disclosure through error stack traces related to agents", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27904", }, { category: "external", summary: "RHBZ#2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27904", url: "https://www.cve.org/CVERecord?id=CVE-2023-27904", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Information disclosure through error stack traces related to agents", }, ], }
rhsa-2023_4506
Vulnerability from csaf_redhat
Published
2023-08-07 15:18
Modified
2024-12-16 16:24
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4506", url: "https://access.redhat.com/errata/RHSA-2023:4506", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24721", url: "https://issues.redhat.com/browse/JBEAP-24721", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4506.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update", tracking: { current_release_date: "2024-12-16T16:24:07+00:00", generator: { date: "2024-12-16T16:24:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:4506", initial_release_date: "2023-08-07T15:18:12+00:00", revision_history: [ { date: "2023-08-07T15:18:12+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:18:12+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:24:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.17-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_id: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-27.SP12_redhat_00016.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-30.Final_redhat_00029.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-30.Final_redhat_00029.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el8eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", }, product_reference: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:12+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4506", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:12+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4506", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:12+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4506", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023_4918
Vulnerability from csaf_redhat
Published
2023-08-31 13:28
Modified
2024-12-16 16:24
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4918", url: "https://access.redhat.com/errata/RHSA-2023:4918", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4918.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 7", tracking: { current_release_date: "2024-12-16T16:24:35+00:00", generator: { date: "2024-12-16T16:24:35+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:4918", initial_release_date: "2023-08-31T13:28:04+00:00", revision_history: [ { date: "2023-08-31T13:28:04+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:28:04+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:24:35+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el7sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.9-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:28:04+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:28:04+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:28:04+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
RHSA-2023:3622
Vulnerability from csaf_redhat
Published
2023-06-15 09:03
Modified
2025-03-14 22:08
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)
* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)\n\n* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3622", url: "https://access.redhat.com/errata/RHSA-2023:3622", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.openshift.com/container-platform/4.13/cicd/jenkins/important-changes-to-openshift-jenkins-images.html", url: "https://docs.openshift.com/container-platform/4.13/cicd/jenkins/important-changes-to-openshift-jenkins-images.html", }, { category: "external", summary: "2066479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066479", }, { category: "external", summary: "2119646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119646", }, { category: "external", summary: "2119647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119647", }, { category: "external", summary: "2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3622.json", }, ], title: "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", tracking: { current_release_date: "2025-03-14T22:08:02+00:00", generator: { date: "2025-03-14T22:08:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3622", initial_release_date: "2023-06-15T09:03:50+00:00", revision_history: [ { date: "2023-06-15T09:03:50+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-15T09:03:50+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T22:08:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.13", product: { name: "OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.13::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686680404-3.el8.src", product: { name: "jenkins-0:2.401.1.1686680404-3.el8.src", product_id: "jenkins-0:2.401.1.1686680404-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686680404-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", product: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", product_id: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1686680473-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686680404-3.el8.noarch", product: { name: "jenkins-0:2.401.1.1686680404-3.el8.noarch", product_id: "jenkins-0:2.401.1.1686680404-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686680404-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1686680473-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686680404-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", }, product_reference: "jenkins-0:2.401.1.1686680404-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686680404-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", }, product_reference: "jenkins-0:2.401.1.1686680404-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, ], }, vulnerabilities: [ { cve: "CVE-2022-29599", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, discovery_date: "2022-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066479", }, ], notes: [ { category: "description", text: "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", title: "Vulnerability description", }, { category: "summary", text: "maven-shared-utils: Command injection via Commandline class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It's worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-29599", }, { category: "external", summary: "RHBZ#2066479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066479", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-29599", url: "https://www.cve.org/CVERecord?id=CVE-2022-29599", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", }, ], release_date: "2020-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "maven-shared-utils: Command injection via Commandline class", }, { cve: "CVE-2022-30953", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2022-08-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2119646", }, ], notes: [ { category: "description", text: "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.", title: "Vulnerability description", }, { category: "summary", text: "plugin: CSRF vulnerability in Blue Ocean Plugin", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30953", }, { category: "external", summary: "RHBZ#2119646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119646", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30953", url: "https://www.cve.org/CVERecord?id=CVE-2022-30953", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30953", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30953", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", url: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", }, ], release_date: "2022-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "plugin: CSRF vulnerability in Blue Ocean Plugin", }, { cve: "CVE-2022-30954", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2022-08-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2119647", }, ], notes: [ { category: "description", text: "Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.", title: "Vulnerability description", }, { category: "summary", text: "plugin: missing permission checks in Blue Ocean Plugin", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30954", }, { category: "external", summary: "RHBZ#2119647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119647", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30954", url: "https://www.cve.org/CVERecord?id=CVE-2022-30954", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30954", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30954", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", url: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", }, ], release_date: "2022-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "plugin: missing permission checks in Blue Ocean Plugin", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-27903", cwe: { id: "CWE-266", name: "Incorrect Privilege Assignment", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177632", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Temporary file parameter created with insecure permissions", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27903", }, { category: "external", summary: "RHBZ#2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27903", url: "https://www.cve.org/CVERecord?id=CVE-2023-27903", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Temporary file parameter created with insecure permissions", }, { cve: "CVE-2023-27904", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177634", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Information disclosure through error stack traces related to agents", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27904", }, { category: "external", summary: "RHBZ#2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27904", url: "https://www.cve.org/CVERecord?id=CVE-2023-27904", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Information disclosure through error stack traces related to agents", }, ], }
rhsa-2023_4509
Vulnerability from csaf_redhat
Published
2023-08-07 15:02
Modified
2024-12-16 16:24
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.12 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4509", url: "https://access.redhat.com/errata/RHSA-2023:4509", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4509.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.12 security update", tracking: { current_release_date: "2024-12-16T16:24:16+00:00", generator: { date: "2024-12-16T16:24:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:4509", initial_release_date: "2023-08-07T15:02:21+00:00", revision_history: [ { date: "2023-08-07T15:02:21+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:02:21+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:24:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, { cve: "CVE-2023-5379", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-10-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242099", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "undertow: AJP Request closes connection exceeding maxRequestSize", title: "Vulnerability summary", }, { category: "other", text: "Due to AJP packet size limitation by ProxyIOBufferSize (default: 8192, max: 65536) directive on httpd side, AJP packets larger than 64KB will not reach JBoss EAP. The default value of max-header-size in JBoss EAP 7 is 1048576 (1MiB), therefore, only JBoss EAP instances with max-header-size set to 64 KB or less may be affected by this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5379", }, { category: "external", summary: "RHBZ#2242099", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242099", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5379", url: "https://www.cve.org/CVERecord?id=CVE-2023-5379", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5379", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5379", }, ], release_date: "2023-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: AJP Request closes connection exceeding maxRequestSize", }, ], }
RHSA-2023:4509
Vulnerability from csaf_redhat
Published
2023-08-07 15:02
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.12 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4509", url: "https://access.redhat.com/errata/RHSA-2023:4509", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4509.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.12 security update", tracking: { current_release_date: "2025-03-15T00:11:28+00:00", generator: { date: "2025-03-15T00:11:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4509", initial_release_date: "2023-08-07T15:02:21+00:00", revision_history: [ { date: "2023-08-07T15:02:21+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:02:21+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, { cve: "CVE-2023-5379", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-10-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242099", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "undertow: AJP Request closes connection exceeding maxRequestSize", title: "Vulnerability summary", }, { category: "other", text: "Due to AJP packet size limitation by ProxyIOBufferSize (default: 8192, max: 65536) directive on httpd side, AJP packets larger than 64KB will not reach JBoss EAP. The default value of max-header-size in JBoss EAP 7 is 1048576 (1MiB), therefore, only JBoss EAP instances with max-header-size set to 64 KB or less may be affected by this issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5379", }, { category: "external", summary: "RHBZ#2242099", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242099", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5379", url: "https://www.cve.org/CVERecord?id=CVE-2023-5379", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5379", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5379", }, ], release_date: "2023-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:02:21+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4509", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: AJP Request closes connection exceeding maxRequestSize", }, ], }
RHSA-2023:4924
Vulnerability from csaf_redhat
Published
2023-08-31 13:29
Modified
2025-03-15 00:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4924", url: "https://access.redhat.com/errata/RHSA-2023:4924", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4924.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update", tracking: { current_release_date: "2025-03-15T00:10:48+00:00", generator: { date: "2025-03-15T00:10:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4924", initial_release_date: "2023-08-31T13:29:21+00:00", revision_history: [ { date: "2023-08-31T13:29:21+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:29:21+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:10:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6.5", product: { name: "Red Hat Single Sign-On 7.6.5", product_id: "Red Hat Single Sign-On 7.6.5", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6.5", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:29:21+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7.6.5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4924", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.5", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:29:21+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7.6.5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4924", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.5", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:29:21+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7.6.5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4924", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.5", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023:4506
Vulnerability from csaf_redhat
Published
2023-08-07 15:18
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4506", url: "https://access.redhat.com/errata/RHSA-2023:4506", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24721", url: "https://issues.redhat.com/browse/JBEAP-24721", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4506.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update", tracking: { current_release_date: "2025-03-15T00:11:17+00:00", generator: { date: "2025-03-15T00:11:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4506", initial_release_date: "2023-08-07T15:18:12+00:00", revision_history: [ { date: "2023-08-07T15:18:12+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:18:12+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.17-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_id: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-27.SP12_redhat_00016.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-30.Final_redhat_00029.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-30.Final_redhat_00029.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el8eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", }, product_reference: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:12+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4506", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:12+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4506", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:12+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4506", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
RHSA-2023:2100
Vulnerability from csaf_redhat
Published
2023-05-03 14:05
Modified
2025-03-16 06:49
Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update
Notes
Topic
Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)
* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)
* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)
* apache-ivy: Directory Traversal (CVE-2022-37865)
* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)
* batik: Server-Side Request Forgery (CVE-2022-38398)
* batik: Server-Side Request Forgery (CVE-2022-38648)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)
* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)\n\n* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)\n\n* apache-ivy: Directory Traversal (CVE-2022-37865)\n\n* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:2100", url: "https://access.redhat.com/errata/RHSA-2023:2100", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2134292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134292", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "2136128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136128", }, { category: "external", summary: "2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "2136207", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136207", }, { category: "external", summary: "2145205", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145205", }, { category: "external", summary: "2145264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145264", }, { category: "external", summary: "2150011", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150011", }, { category: "external", summary: "2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "2182188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182188", }, { category: "external", summary: "2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2187742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2187742", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2100.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update", tracking: { current_release_date: "2025-03-16T06:49:26+00:00", generator: { date: "2025-03-16T06:49:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:2100", initial_release_date: "2023-05-03T14:05:29+00:00", revision_history: [ { date: "2023-05-03T14:05:29+00:00", number: "1", summary: "Initial version", }, { date: "2023-05-03T14:05:29+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-16T06:49:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-Springboot 3.20.1", product: { name: "RHINT Camel-Springboot 3.20.1", product_id: "RHINT Camel-Springboot 3.20.1", product_identification_helper: { cpe: "cpe:/a:redhat:camel_spring_boot:3.20.1", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37533", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-02-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169924", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about services running on the private network of the client.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-net: FTP client trusts the host from PASV response by default", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37533", }, { category: "external", summary: "RHBZ#2169924", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169924", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37533", url: "https://www.cve.org/CVERecord?id=CVE-2021-37533", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-net: FTP client trusts the host from PASV response by default", }, { cve: "CVE-2022-4492", cwe: { id: "CWE-550", name: "Server-generated Error Message Containing Sensitive Information", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153260", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Server identity in https connection is not checked by the undertow client", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4492", }, { category: "external", summary: "RHBZ#2153260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153260", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4492", url: "https://www.cve.org/CVERecord?id=CVE-2022-4492", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", }, ], release_date: "2022-12-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: Server identity in https connection is not checked by the undertow client", }, { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-31777", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145264", }, ], notes: [ { category: "description", text: "A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI.", title: "Vulnerability description", }, { category: "summary", text: "apache-spark: XSS vulnerability in log viewer UI Javascript", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-31777", }, { category: "external", summary: "RHBZ#2145264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145264", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-31777", url: "https://www.cve.org/CVERecord?id=CVE-2022-31777", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-31777", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-31777", }, ], release_date: "2022-11-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-spark: XSS vulnerability in log viewer UI Javascript", }, { cve: "CVE-2022-33681", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136207", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client's authentication data.", title: "Vulnerability description", }, { category: "summary", text: "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-33681", }, { category: "external", summary: "RHBZ#2136207", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136207", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-33681", url: "https://www.cve.org/CVERecord?id=CVE-2022-33681", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-33681", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-33681", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM", }, { cve: "CVE-2022-37865", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182188", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access.", title: "Vulnerability description", }, { category: "summary", text: "apache-ivy: Directory Traversal", title: "Vulnerability summary", }, { category: "other", text: "Although the CVSS states High according to NIST, due to the nature of this flaw, considering it's an optional attribute and there must be restrictions in other layers to prevent attacks, this flaw is taken as a Moderate following the Medium impact from Apache.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37865", }, { category: "external", summary: "RHBZ#2182188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182188", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37865", url: "https://www.cve.org/CVERecord?id=CVE-2022-37865", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37865", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37865", }, { category: "external", summary: "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy", url: "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy", }, ], release_date: "2022-11-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-ivy: Directory Traversal", }, { cve: "CVE-2022-37866", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-12-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2150011", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Ivy. This may allow an attacker to place artifacts inside and outside of Ivy's repository and overwrite artifacts that the user will use later.", title: "Vulnerability description", }, { category: "summary", text: "Ivy: Ivy Path traversal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37866", }, { category: "external", summary: "RHBZ#2150011", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2150011", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37866", url: "https://www.cve.org/CVERecord?id=CVE-2022-37866", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37866", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37866", }, ], release_date: "2022-11-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Ivy: Ivy Path traversal", }, { cve: "CVE-2022-38398", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155292", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38398", }, { category: "external", summary: "RHBZ#2155292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38398", url: "https://www.cve.org/CVERecord?id=CVE-2022-38398", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38398", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903462", url: "http://svn.apache.org/viewvc?view=revision&revision=1903462", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1331", url: "https://issues.apache.org/jira/browse/BATIK-1331", }, { category: "external", summary: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", url: "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-38648", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155295", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38648", }, { category: "external", summary: "RHBZ#2155295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155295", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38648", url: "https://www.cve.org/CVERecord?id=CVE-2022-38648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38648", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903625", url: "http://svn.apache.org/viewvc?view=revision&revision=1903625", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1333", url: "https://issues.apache.org/jira/browse/BATIK-1333", }, { category: "external", summary: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", url: "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-38752", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129710", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38752", }, { category: "external", summary: "RHBZ#2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38752", url: "https://www.cve.org/CVERecord?id=CVE-2022-38752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", }, { cve: "CVE-2022-39368", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145205", }, ], notes: [ { category: "description", text: "A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server requests, leaving the server unable to respond.", title: "Vulnerability description", }, { category: "summary", text: "scandium: Failing DTLS handshakes may cause throttling to block processing of records", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-39368", }, { category: "external", summary: "RHBZ#2145205", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145205", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-39368", url: "https://www.cve.org/CVERecord?id=CVE-2022-39368", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-39368", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-39368", }, { category: "external", summary: "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc", url: "https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjgc", }, ], release_date: "2022-11-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "scandium: Failing DTLS handshakes may cause throttling to block processing of records", }, { cve: "CVE-2022-40146", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155291", }, ], notes: [ { category: "description", text: "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.", title: "Vulnerability description", }, { category: "summary", text: "batik: Server-Side Request Forgery (SSRF) vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40146", }, { category: "external", summary: "RHBZ#2155291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40146", url: "https://www.cve.org/CVERecord?id=CVE-2022-40146", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40146", }, { category: "external", summary: "http://svn.apache.org/viewvc?view=revision&revision=1903910", url: "http://svn.apache.org/viewvc?view=revision&revision=1903910", }, { category: "external", summary: "https://issues.apache.org/jira/browse/BATIK-1335", url: "https://issues.apache.org/jira/browse/BATIK-1335", }, { category: "external", summary: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", url: "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx", }, ], release_date: "2022-09-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Server-Side Request Forgery (SSRF) vulnerability", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135770", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "jettison: memory exhaustion via user-supplied XML or JSON data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40150", }, { category: "external", summary: "RHBZ#2135770", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135770", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40150", url: "https://www.cve.org/CVERecord?id=CVE-2022-40150", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", }, { category: "external", summary: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", }, ], release_date: "2022-09-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jettison: memory exhaustion via user-supplied XML or JSON data", }, { cve: "CVE-2022-40151", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134292", }, ], notes: [ { category: "description", text: "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40151", }, { category: "external", summary: "RHBZ#2134292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40151", url: "https://www.cve.org/CVERecord?id=CVE-2022-40151", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40151", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40151", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-40156", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134288", }, ], notes: [ { category: "description", text: "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40156", }, { category: "external", summary: "RHBZ#2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40156", url: "https://www.cve.org/CVERecord?id=CVE-2022-40156", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-41704", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182182", }, ], notes: [ { category: "description", text: "A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.", title: "Vulnerability description", }, { category: "summary", text: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41704", }, { category: "external", summary: "RHBZ#2182182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182182", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41704", url: "https://www.cve.org/CVERecord?id=CVE-2022-41704", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41704", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Apache XML Graphics Batik vulnerable to code execution via SVG", }, { cve: "CVE-2022-41852", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136128", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.", title: "Vulnerability description", }, { category: "summary", text: "JXPath: untrusted XPath expressions may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41852", }, { category: "external", summary: "RHBZ#2136128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41852", url: "https://www.cve.org/CVERecord?id=CVE-2022-41852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41852", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41852", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JXPath: untrusted XPath expressions may lead to RCE attack", }, { cve: "CVE-2022-41853", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136141", }, ], notes: [ { category: "description", text: "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", title: "Vulnerability description", }, { category: "summary", text: "hsqldb: Untrusted input may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41853", }, { category: "external", summary: "RHBZ#2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41853", url: "https://www.cve.org/CVERecord?id=CVE-2022-41853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", }, { category: "external", summary: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", url: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", }, { category: "external", summary: "https://github.com/advisories/GHSA-77xx-rxvh-q682", url: "https://github.com/advisories/GHSA-77xx-rxvh-q682", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, { category: "workaround", details: "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "hsqldb: Untrusted input may lead to RCE attack", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-41881", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2022-12-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2153379", }, ], notes: [ { category: "description", text: "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41881", }, { category: "external", summary: "RHBZ#2153379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153379", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41881", url: "https://www.cve.org/CVERecord?id=CVE-2022-41881", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41881", }, ], release_date: "2022-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS", }, { cve: "CVE-2022-41966", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-02-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2170431", }, ], notes: [ { category: "description", text: "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41966", }, { category: "external", summary: "RHBZ#2170431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2170431", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41966", url: "https://www.cve.org/CVERecord?id=CVE-2022-41966", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", }, { category: "external", summary: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", }, ], release_date: "2022-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-42890", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182183", }, ], notes: [ { category: "description", text: "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.", title: "Vulnerability description", }, { category: "summary", text: "batik: Untrusted code execution in Apache XML Graphics Batik", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42890", }, { category: "external", summary: "RHBZ#2182183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42890", url: "https://www.cve.org/CVERecord?id=CVE-2022-42890", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", }, ], release_date: "2022-10-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "batik: Untrusted code execution in Apache XML Graphics Batik", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-20863", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2187742", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20863", }, { category: "external", summary: "RHBZ#2187742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2187742", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20863", url: "https://www.cve.org/CVERecord?id=CVE-2023-20863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20863", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20863", }, { category: "external", summary: "https://spring.io/security/cve-2023-20863", url: "https://spring.io/security/cve-2023-20863", }, ], release_date: "2023-04-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-22602", cwe: { id: "CWE-436", name: "Interpretation Conflict", }, discovery_date: "2023-03-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182198", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Authentication bypass through a specially crafted HTTP request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-22602", }, { category: "external", summary: "RHBZ#2182198", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182198", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-22602", url: "https://www.cve.org/CVERecord?id=CVE-2023-22602", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-22602", }, ], release_date: "2023-01-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "shiro: Authentication bypass through a specially crafted HTTP request", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172298", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Vulnerability description", }, { category: "summary", text: "FileUpload: FileUpload DoS with excessive parts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.20.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24998", }, { category: "external", summary: "RHBZ#2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24998", url: "https://www.cve.org/CVERecord?id=CVE-2023-24998", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", url: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", }, ], release_date: "2023-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-05-03T14:05:29+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.20.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:2100", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.20.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "FileUpload: FileUpload DoS with excessive parts", }, ], }
rhsa-2023_4921
Vulnerability from csaf_redhat
Published
2023-08-31 13:25
Modified
2024-12-16 16:24
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 for OpenShift image enhancement and security update
Notes
Topic
A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.
This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4921", url: "https://access.redhat.com/errata/RHSA-2023:4921", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4921.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 for OpenShift image enhancement and security update", tracking: { current_release_date: "2024-12-16T16:24:25+00:00", generator: { date: "2024-12-16T16:24:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:4921", initial_release_date: "2023-08-31T13:25:37+00:00", revision_history: [ { date: "2023-08-31T13:25:37+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:25:37+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:24:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Middleware Containers for OpenShift", product: { name: "Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware", product_identification_helper: { cpe: "cpe:/a:redhat:rhosemc:1.0::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-27", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-27", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-27", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:25:37+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4921", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:25:37+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4921", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:25:37+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4921", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023_7670
Vulnerability from csaf_redhat
Published
2023-12-06 13:16
Modified
2024-12-16 16:24
Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes bug fix, enhancement and security update
Notes
Topic
Migration Toolkit for Runtimes 1.2.3 release
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Migration Toolkit for Runtimes 1.2.3 Images
Security Fix(es):
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Migration Toolkit for Runtimes 1.2.3 release\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Migration Toolkit for Runtimes 1.2.3 Images\n\nSecurity Fix(es):\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:7670", url: "https://access.redhat.com/errata/RHSA-2023:7670", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7670.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Runtimes bug fix, enhancement and security update", tracking: { current_release_date: "2024-12-16T16:24:35+00:00", generator: { date: "2024-12-16T16:24:35+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:7670", initial_release_date: "2023-12-06T13:16:30+00:00", revision_history: [ { date: "2023-12-06T13:16:30+00:00", number: "1", summary: "Initial version", }, { date: "2023-12-06T13:16:30+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:24:35+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Migration Toolkit for Runtimes 1 on RHEL 8", product: { name: "Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1", product_identification_helper: { cpe: "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", }, }, }, ], category: "product_family", name: "Migration Toolkit for Runtimes", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", product: { name: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", product_id: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", product: { name: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", product_id: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", product: { name: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", product_id: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", product_identification_helper: { purl: "pkg:oci/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8&tag=1.2-9", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae?arch=amd64&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", product: { name: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", product_id: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", product: { name: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", product_id: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", product: { name: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", product_id: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8&tag=1.2-9", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05?arch=ppc64le&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", product: { name: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", product_id: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", product: { name: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", product_id: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", product: { name: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", product_id: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", product_identification_helper: { purl: "pkg:oci/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8&tag=1.2-9", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa?arch=s390x&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", product: { name: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", product_id: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", product_identification_helper: { purl: "pkg:oci/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d?arch=arm64&repository_url=registry.redhat.io/mtr/mtr-operator-bundle&tag=1.2-12", }, }, }, { category: "product_version", name: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", product: { name: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", product_id: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", product_identification_helper: { purl: "pkg:oci/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0?arch=arm64&repository_url=registry.redhat.io/mtr/mtr-rhel8-operator&tag=1.2-8", }, }, }, { category: "product_version", name: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", product: { name: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", product_id: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", product_identification_helper: { purl: "pkg:oci/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e?arch=arm64&repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8&tag=1.2-7", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", }, product_reference: "mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", }, product_reference: "mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", }, product_reference: "mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", }, product_reference: "mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", }, product_reference: "mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", }, product_reference: "mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", }, product_reference: "mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", }, product_reference: "mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", }, product_reference: "mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", }, product_reference: "mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", }, product_reference: "mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", relates_to_product_reference: "8Base-MTR-1", }, { category: "default_component_of", full_product_name: { name: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", product_id: "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", }, product_reference: "mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", relates_to_product_reference: "8Base-MTR-1", }, ], }, vulnerabilities: [ { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", ], known_not_affected: [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-12-06T13:16:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:7670", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:5293436a5a3ac6d58921f23404f5036bf836d927369a7b7510812b09849c956b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6f3ccbac7996accf10009502170f90cdf90743e318cc05ddbba309cc50336ded_ppc64le", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d2f204445bd7dba20e63e96758be9c5a9730d5728acf2989fd756f729b240f8d_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:ea528174239334026f81ccad0492e81fca95353e50a7772e0492159cb900e0e8_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:81e86f4ad8bb5da8cc4bc5abff46c1ea8c1814d5a5f0a37b335934f614975b0c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:d2f3157af54b87429b4379afcf8e9952051115db8285e87cccf211fedb4311f0_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:e2b512a32de0a9ad7e418672cf89895e3e8b0941de5d585656f3fbd63183a408_amd64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:f38ebc54360273a63f8d1d12b2833f90298fbd163139fc83495b27ad12df367e_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:2883205c8561656add94eebbcaed5ebd0216715efdf68097633cd18f88e8cc15_s390x", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:61540ef88f2bbd67973e3e72eda8f3f0dd679412f97f0193ba76255fa0b733ae_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:d720c90a6a7c7fc552837eda008a12c9cb61f301c80dcdcca96ac0c9cc307ff3_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:0aa28c767f5e250d0b32cd7d8951640df6a8fcafbb483e066430873030396dfa_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:669ec20f29f8fa593188c06fb557b88779807dadd8a343b3d19ef986610eb1ae_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:a8550bf19bd52596c884667adda6d3f15dac955a1f5bd9c96fc09bed1d7ebd05_ppc64le", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:bfa77dc03166ff73c23659f171a6c265afb965b6a2202019f60de091c3aa168e_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, ], }
RHSA-2023:4921
Vulnerability from csaf_redhat
Published
2023-08-31 13:25
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 for OpenShift image enhancement and security update
Notes
Topic
A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.
This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4921", url: "https://access.redhat.com/errata/RHSA-2023:4921", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4921.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 for OpenShift image enhancement and security update", tracking: { current_release_date: "2025-03-15T00:11:27+00:00", generator: { date: "2025-03-15T00:11:27+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4921", initial_release_date: "2023-08-31T13:25:37+00:00", revision_history: [ { date: "2023-08-31T13:25:37+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:25:37+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:27+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Middleware Containers for OpenShift", product: { name: "Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware", product_identification_helper: { cpe: "cpe:/a:redhat:rhosemc:1.0::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-27", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-27", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-27", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:25:37+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4921", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:25:37+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4921", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:25:37+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4921", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023_4924
Vulnerability from csaf_redhat
Published
2023-08-31 13:29
Modified
2024-12-16 16:23
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4924", url: "https://access.redhat.com/errata/RHSA-2023:4924", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4924.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update", tracking: { current_release_date: "2024-12-16T16:23:58+00:00", generator: { date: "2024-12-16T16:23:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:4924", initial_release_date: "2023-08-31T13:29:21+00:00", revision_history: [ { date: "2023-08-31T13:29:21+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:29:21+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:23:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6.5", product: { name: "Red Hat Single Sign-On 7.6.5", product_id: "Red Hat Single Sign-On 7.6.5", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6.5", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:29:21+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7.6.5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4924", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.5", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:29:21+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7.6.5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4924", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.5", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Single Sign-On 7.6.5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:29:21+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat Single Sign-On 7.6.5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4924", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat Single Sign-On 7.6.5", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023_3641
Vulnerability from csaf_redhat
Published
2023-06-15 15:23
Modified
2024-12-16 16:23
Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
Notes
Topic
Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available.
Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available.\n\nRed Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3641", url: "https://access.redhat.com/errata/RHSA-2023:3641", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3641.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release", tracking: { current_release_date: "2024-12-16T16:23:30+00:00", generator: { date: "2024-12-16T16:23:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:3641", initial_release_date: "2023-06-15T15:23:47+00:00", revision_history: [ { date: "2023-06-15T15:23:47+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-15T15:23:47+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:23:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-Springboot 3.18.3.P2", product: { name: "RHINT Camel-Springboot 3.18.3.P2", product_id: "RHINT Camel-Springboot 3.18.3.P2", product_identification_helper: { cpe: "cpe:/a:redhat:camel_spring_boot:3.18", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-38752", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129710", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38752", }, { category: "external", summary: "RHBZ#2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38752", url: "https://www.cve.org/CVERecord?id=CVE-2022-38752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-40156", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134288", }, ], notes: [ { category: "description", text: "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40156", }, { category: "external", summary: "RHBZ#2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40156", url: "https://www.cve.org/CVERecord?id=CVE-2022-40156", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20883", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-05-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209342", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20883", }, { category: "external", summary: "RHBZ#2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20883", url: "https://www.cve.org/CVERecord?id=CVE-2023-20883", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", }, ], release_date: "2023-05-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", }, ], }
rhsa-2023_4507
Vulnerability from csaf_redhat
Published
2023-08-07 15:19
Modified
2024-12-16 16:24
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4507", url: "https://access.redhat.com/errata/RHSA-2023:4507", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24722", url: "https://issues.redhat.com/browse/JBEAP-24722", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4507.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update", tracking: { current_release_date: "2024-12-16T16:24:26+00:00", generator: { date: "2024-12-16T16:24:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:4507", initial_release_date: "2023-08-07T15:19:40+00:00", revision_history: [ { date: "2023-08-07T15:19:40+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:19:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:24:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 9", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el9eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_id: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-27.SP12_redhat_00016.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.17-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.30-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.30-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-30.Final_redhat_00029.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-30.Final_redhat_00029.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el9eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", }, product_reference: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:19:40+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4507", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:19:40+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4507", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:19:40+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4507", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
RHSA-2023:4919
Vulnerability from csaf_redhat
Published
2023-08-31 13:27
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4919", url: "https://access.redhat.com/errata/RHSA-2023:4919", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4919.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 8", tracking: { current_release_date: "2025-03-15T00:11:07+00:00", generator: { date: "2025-03-15T00:11:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4919", initial_release_date: "2023-08-31T13:27:55+00:00", revision_history: [ { date: "2023-08-31T13:27:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:27:55+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 8", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el8sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.9-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023_3622
Vulnerability from csaf_redhat
Published
2023-06-15 09:03
Modified
2024-12-16 16:23
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)
* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)\n\n* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3622", url: "https://access.redhat.com/errata/RHSA-2023:3622", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.openshift.com/container-platform/4.13/cicd/jenkins/important-changes-to-openshift-jenkins-images.html", url: "https://docs.openshift.com/container-platform/4.13/cicd/jenkins/important-changes-to-openshift-jenkins-images.html", }, { category: "external", summary: "2066479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066479", }, { category: "external", summary: "2119646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119646", }, { category: "external", summary: "2119647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119647", }, { category: "external", summary: "2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3622.json", }, ], title: "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", tracking: { current_release_date: "2024-12-16T16:23:20+00:00", generator: { date: "2024-12-16T16:23:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:3622", initial_release_date: "2023-06-15T09:03:50+00:00", revision_history: [ { date: "2023-06-15T09:03:50+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-15T09:03:50+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:23:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.13", product: { name: "OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.13::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686680404-3.el8.src", product: { name: "jenkins-0:2.401.1.1686680404-3.el8.src", product_id: "jenkins-0:2.401.1.1686680404-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686680404-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", product: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", product_id: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1686680473-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.401.1.1686680404-3.el8.noarch", product: { name: "jenkins-0:2.401.1.1686680404-3.el8.noarch", product_id: "jenkins-0:2.401.1.1686680404-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.401.1.1686680404-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1686680473-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686680404-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", }, product_reference: "jenkins-0:2.401.1.1686680404-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.401.1.1686680404-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", }, product_reference: "jenkins-0:2.401.1.1686680404-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, ], }, vulnerabilities: [ { cve: "CVE-2022-29599", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, discovery_date: "2022-03-15T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2066479", }, ], notes: [ { category: "description", text: "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", title: "Vulnerability description", }, { category: "summary", text: "maven-shared-utils: Command injection via Commandline class", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It's worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-29599", }, { category: "external", summary: "RHBZ#2066479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066479", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-29599", url: "https://www.cve.org/CVERecord?id=CVE-2022-29599", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", }, ], release_date: "2020-05-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "maven-shared-utils: Command injection via Commandline class", }, { cve: "CVE-2022-30953", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2022-08-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2119646", }, ], notes: [ { category: "description", text: "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.", title: "Vulnerability description", }, { category: "summary", text: "plugin: CSRF vulnerability in Blue Ocean Plugin", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30953", }, { category: "external", summary: "RHBZ#2119646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119646", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30953", url: "https://www.cve.org/CVERecord?id=CVE-2022-30953", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30953", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30953", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", url: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", }, ], release_date: "2022-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "plugin: CSRF vulnerability in Blue Ocean Plugin", }, { cve: "CVE-2022-30954", cwe: { id: "CWE-862", name: "Missing Authorization", }, discovery_date: "2022-08-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2119647", }, ], notes: [ { category: "description", text: "Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.", title: "Vulnerability description", }, { category: "summary", text: "plugin: missing permission checks in Blue Ocean Plugin", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30954", }, { category: "external", summary: "RHBZ#2119647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119647", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30954", url: "https://www.cve.org/CVERecord?id=CVE-2022-30954", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30954", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30954", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", url: "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", }, ], release_date: "2022-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "plugin: missing permission checks in Blue Ocean Plugin", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20860", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, discovery_date: "2023-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180528", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", title: "Vulnerability description", }, { category: "summary", text: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20860", }, { category: "external", summary: "RHBZ#2180528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180528", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20860", url: "https://www.cve.org/CVERecord?id=CVE-2023-20860", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", }, { cve: "CVE-2023-20861", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180530", }, ], notes: [ { category: "description", text: "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "springframework: Spring Expression DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20861", }, { category: "external", summary: "RHBZ#2180530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20861", url: "https://www.cve.org/CVERecord?id=CVE-2023-20861", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", }, { category: "external", summary: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", url: "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "springframework: Spring Expression DoS Vulnerability", }, { cve: "CVE-2023-27903", cwe: { id: "CWE-266", name: "Incorrect Privilege Assignment", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177632", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Temporary file parameter created with insecure permissions", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27903", }, { category: "external", summary: "RHBZ#2177632", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177632", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27903", url: "https://www.cve.org/CVERecord?id=CVE-2023-27903", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Temporary file parameter created with insecure permissions", }, { cve: "CVE-2023-27904", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177634", }, ], notes: [ { category: "description", text: "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", title: "Vulnerability description", }, { category: "summary", text: "Jenkins: Information disclosure through error stack traces related to agents", title: "Vulnerability summary", }, { category: "other", text: "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], known_not_affected: [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27904", }, { category: "external", summary: "RHBZ#2177634", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177634", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27904", url: "https://www.cve.org/CVERecord?id=CVE-2023-27904", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", url: "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", }, ], release_date: "2023-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T09:03:50+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3622", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Jenkins: Information disclosure through error stack traces related to agents", }, ], }
rhsa-2023:4920
Vulnerability from csaf_redhat
Published
2023-08-31 13:27
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4920", url: "https://access.redhat.com/errata/RHSA-2023:4920", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4920.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 9", tracking: { current_release_date: "2025-03-15T00:11:17+00:00", generator: { date: "2025-03-15T00:11:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4920", initial_release_date: "2023-08-31T13:27:58+00:00", revision_history: [ { date: "2023-08-31T13:27:58+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:27:58+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 9", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el9sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.9-1.redhat_00001.1.el9sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", relates_to_product_reference: "9Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", product_id: "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", relates_to_product_reference: "9Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:58+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4920", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:58+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4920", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:58+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4920", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el9sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023:4921
Vulnerability from csaf_redhat
Published
2023-08-31 13:25
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 for OpenShift image enhancement and security update
Notes
Topic
A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.
This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A new image is available for Red Hat Single Sign-On 7.6.5, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4921", url: "https://access.redhat.com/errata/RHSA-2023:4921", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4921.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 for OpenShift image enhancement and security update", tracking: { current_release_date: "2025-03-15T00:11:27+00:00", generator: { date: "2025-03-15T00:11:27+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4921", initial_release_date: "2023-08-31T13:25:37+00:00", revision_history: [ { date: "2023-08-31T13:25:37+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:25:37+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:27+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Middleware Containers for OpenShift", product: { name: "Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware", product_identification_helper: { cpe: "cpe:/a:redhat:rhosemc:1.0::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-27", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-27", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", product: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", product_id: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", product_identification_helper: { purl: "pkg:oci/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-27", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64 as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", relates_to_product_reference: "8Base-RHOSE-Middleware", }, { category: "default_component_of", full_product_name: { name: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le as a component of Middleware Containers for OpenShift", product_id: "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", }, product_reference: "rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", relates_to_product_reference: "8Base-RHOSE-Middleware", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:25:37+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4921", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:25:37+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4921", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:25:37+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4921", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1a8c42f880d58f68682d4b42b208789ac4d3cedf1fa025c8bfb980a16e707528_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:49034f0279b90c0f7979f005f823ab2d6e5cb5a1638d0258ab22834b7b4f225a_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:6062a78f9392681ec777bcec7a2105d6e1cca1ee905828590f5ba2e07921c16b_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023:4505
Vulnerability from csaf_redhat
Published
2023-08-07 15:18
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes
bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes\nbug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4505", url: "https://access.redhat.com/errata/RHSA-2023:4505", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24720", url: "https://issues.redhat.com/browse/JBEAP-24720", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4505.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update", tracking: { current_release_date: "2025-03-15T00:11:07+00:00", generator: { date: "2025-03-15T00:11:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4505", initial_release_date: "2023-08-07T15:18:04+00:00", revision_history: [ { date: "2023-08-07T15:18:04+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:18:04+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.30-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_id: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-27.SP12_redhat_00016.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-12.redhat_00048.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.17-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_id: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-23.SP12_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-30.Final_redhat_00029.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-30.Final_redhat_00029.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.12-3.GA_redhat_00003.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el7eap?arch=x86_64", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product: { name: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_id: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper-debuginfo@1.0.9-1.redhat_00001.1.el7eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", }, product_reference: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:04+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4505", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:04+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4505", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", ], known_not_affected: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:04+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4505", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.0.9-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
RHSA-2023:4507
Vulnerability from csaf_redhat
Published
2023-08-07 15:19
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4507", url: "https://access.redhat.com/errata/RHSA-2023:4507", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24722", url: "https://issues.redhat.com/browse/JBEAP-24722", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4507.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update", tracking: { current_release_date: "2025-03-15T00:11:40+00:00", generator: { date: "2025-03-15T00:11:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4507", initial_release_date: "2023-08-07T15:19:40+00:00", revision_history: [ { date: "2023-08-07T15:19:40+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:19:40+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 9", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el9eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el9eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_id: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-27.SP12_redhat_00016.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.17-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_id: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-23.SP12_redhat_00013.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-12.redhat_00048.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.30-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.30-1.Final_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-30.Final_redhat_00029.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-30.Final_redhat_00029.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.12-3.GA_redhat_00003.1.el9eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el9eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", }, product_reference: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", }, product_reference: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:19:40+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4507", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:19:40+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4507", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", ], known_not_affected: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:19:40+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4507", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
RHSA-2023:4506
Vulnerability from csaf_redhat
Published
2023-08-07 15:18
Modified
2025-03-15 00:11
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4506", url: "https://access.redhat.com/errata/RHSA-2023:4506", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "JBEAP-24711", url: "https://issues.redhat.com/browse/JBEAP-24711", }, { category: "external", summary: "JBEAP-24721", url: "https://issues.redhat.com/browse/JBEAP-24721", }, { category: "external", summary: "JBEAP-24744", url: "https://issues.redhat.com/browse/JBEAP-24744", }, { category: "external", summary: "JBEAP-24745", url: "https://issues.redhat.com/browse/JBEAP-24745", }, { category: "external", summary: "JBEAP-24790", url: "https://issues.redhat.com/browse/JBEAP-24790", }, { category: "external", summary: "JBEAP-24808", url: "https://issues.redhat.com/browse/JBEAP-24808", }, { category: "external", summary: "JBEAP-24819", url: "https://issues.redhat.com/browse/JBEAP-24819", }, { category: "external", summary: "JBEAP-24820", url: "https://issues.redhat.com/browse/JBEAP-24820", }, { category: "external", summary: "JBEAP-24821", url: "https://issues.redhat.com/browse/JBEAP-24821", }, { category: "external", summary: "JBEAP-24822", url: "https://issues.redhat.com/browse/JBEAP-24822", }, { category: "external", summary: "JBEAP-24831", url: "https://issues.redhat.com/browse/JBEAP-24831", }, { category: "external", summary: "JBEAP-24832", url: "https://issues.redhat.com/browse/JBEAP-24832", }, { category: "external", summary: "JBEAP-24835", url: "https://issues.redhat.com/browse/JBEAP-24835", }, { category: "external", summary: "JBEAP-24836", url: "https://issues.redhat.com/browse/JBEAP-24836", }, { category: "external", summary: "JBEAP-24858", url: "https://issues.redhat.com/browse/JBEAP-24858", }, { category: "external", summary: "JBEAP-24973", url: "https://issues.redhat.com/browse/JBEAP-24973", }, { category: "external", summary: "JBEAP-25004", url: "https://issues.redhat.com/browse/JBEAP-25004", }, { category: "external", summary: "JBEAP-25085", url: "https://issues.redhat.com/browse/JBEAP-25085", }, { category: "external", summary: "JBEAP-25086", url: "https://issues.redhat.com/browse/JBEAP-25086", }, { category: "external", summary: "JBEAP-25204", url: "https://issues.redhat.com/browse/JBEAP-25204", }, { category: "external", summary: "JBEAP-25205", url: "https://issues.redhat.com/browse/JBEAP-25205", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4506.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update", tracking: { current_release_date: "2025-03-15T00:11:17+00:00", generator: { date: "2025-03-15T00:11:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4506", initial_release_date: "2023-08-07T15:18:12+00:00", revision_history: [ { date: "2023-08-07T15:18:12+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-07T15:18:12+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:11:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.53-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.17-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.17-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", product: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", product_id: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-2.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00014.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_id: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-27.SP12_redhat_00016.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_id: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-27.SP12_redhat_00016.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", product: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", product_id: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jettison@1.5.4-1.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_id: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-12.redhat_00048.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_id: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-23.SP12_redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.18-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", product: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", product_id: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.7-2.redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.30-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", product: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", product_id: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-protostream@4.3.5-2.Final_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-insights-java-client@1.0.9-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.25-3.SP3_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-30.Final_redhat_00029.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-30.Final_redhat_00029.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-30.Final_redhat_00029.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.12-3.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", product: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", product_id: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-cert-helper@1.0.9-1.redhat_00001.1.el8eap?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", }, product_reference: "eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", }, product_reference: "eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", }, product_reference: "eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", }, product_reference: "eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", }, product_reference: "eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", }, product_reference: "eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", }, product_reference: "eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", }, product_reference: "eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", }, product_reference: "eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", }, product_reference: "eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:12+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4506", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:12+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4506", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-07T15:18:12+00:00", details: "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4506", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-12.redhat_00048.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-12.redhat_00048.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.7-2.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.18-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.30-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.30-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.0.9-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.53-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-30.Final_redhat_00029.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-30.Final_redhat_00029.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jettison-0:1.5.4-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-27.SP12_redhat_00016.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-23.SP12_redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-23.SP12_redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-27.SP12_redhat_00016.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.5-2.Final_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.25-3.SP3_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.12-3.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.12-3.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00014.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
RHSA-2023:4918
Vulnerability from csaf_redhat
Published
2023-08-31 13:28
Modified
2025-03-15 00:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4918", url: "https://access.redhat.com/errata/RHSA-2023:4918", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4918.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 7", tracking: { current_release_date: "2025-03-15T00:10:57+00:00", generator: { date: "2025-03-15T00:10:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4918", initial_release_date: "2023-08-31T13:28:04+00:00", revision_history: [ { date: "2023-08-31T13:28:04+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:28:04+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T00:10:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el7sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.9-1.redhat_00001.1.el7sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", relates_to_product_reference: "7Server-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", product_id: "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", relates_to_product_reference: "7Server-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:28:04+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:28:04+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:28:04+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4918", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el7sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023_4919
Vulnerability from csaf_redhat
Published
2023-08-31 13:27
Modified
2024-12-16 16:24
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "New Red Hat Single Sign-On 7.6.5 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4919", url: "https://access.redhat.com/errata/RHSA-2023:4919", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4919.json", }, ], title: "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.5 security update on RHEL 8", tracking: { current_release_date: "2024-12-16T16:24:07+00:00", generator: { date: "2024-12-16T16:24:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2023:4919", initial_release_date: "2023-08-31T13:27:55+00:00", revision_history: [ { date: "2023-08-31T13:27:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-31T13:27:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T16:24:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Single Sign-On 7.6 for RHEL 8", product: { name: "Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6", product_identification_helper: { cpe: "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", }, }, }, ], category: "product_family", name: "Red Hat Single Sign-On", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el8sso?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak@18.0.9-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, { category: "product_version", name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_id: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.9-1.redhat_00001.1.el8sso?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", }, product_reference: "rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", relates_to_product_reference: "8Base-RHSSO-7.6", }, { category: "default_component_of", full_product_name: { name: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", product_id: "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", }, product_reference: "rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", relates_to_product_reference: "8Base-RHSSO-7.6", }, ], }, vulnerabilities: [ { cve: "CVE-2021-46877", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185707", }, ], notes: [ { category: "description", text: "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-46877", }, { category: "external", summary: "RHBZ#2185707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-46877", url: "https://www.cve.org/CVERecord?id=CVE-2021-46877", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", }, ], release_date: "2023-03-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { acknowledgments: [ { names: [ "Keke Lian & Haoran Zhao", ], organization: "System and Software Security Lab in Fudan University", }, ], cve: "CVE-2023-3223", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209689", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", title: "Vulnerability description", }, { category: "summary", text: "undertow: OutOfMemoryError due to @MultipartConfig handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3223", }, { category: "external", summary: "RHBZ#2209689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3223", url: "https://www.cve.org/CVERecord?id=CVE-2023-3223", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", }, ], release_date: "2023-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-31T13:27:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4919", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.9-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.9-1.redhat_00001.1.el8sso.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: OutOfMemoryError due to @MultipartConfig handling", }, ], }
rhsa-2023:3641
Vulnerability from csaf_redhat
Published
2023-06-15 15:23
Modified
2025-03-16 06:48
Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
Notes
Topic
Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available.
Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available.\n\nRed Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:3641", url: "https://access.redhat.com/errata/RHSA-2023:3641", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2", }, { category: "external", summary: "2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3641.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release", tracking: { current_release_date: "2025-03-16T06:48:55+00:00", generator: { date: "2025-03-16T06:48:55+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:3641", initial_release_date: "2023-06-15T15:23:47+00:00", revision_history: [ { date: "2023-06-15T15:23:47+00:00", number: "1", summary: "Initial version", }, { date: "2023-06-15T15:23:47+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-16T06:48:55+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-Springboot 3.18.3.P2", product: { name: "RHINT Camel-Springboot 3.18.3.P2", product_id: "RHINT Camel-Springboot 3.18.3.P2", product_identification_helper: { cpe: "cpe:/a:redhat:camel_spring_boot:3.18", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-25857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-09-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2126789", }, ], notes: [ { category: "description", text: "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", title: "Vulnerability summary", }, { category: "other", text: "For RHEL-8 it's downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn't shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it's not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-25857", }, { category: "external", summary: "RHBZ#2126789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126789", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-25857", url: "https://www.cve.org/CVERecord?id=CVE-2022-25857", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", }, ], release_date: "2022-08-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Denial of Service due to missing nested depth limitation for collections", }, { cve: "CVE-2022-38749", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129706", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38749", }, { category: "external", summary: "RHBZ#2129706", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129706", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38749", url: "https://www.cve.org/CVERecord?id=CVE-2022-38749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", }, { cve: "CVE-2022-38750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129707", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38750", }, { category: "external", summary: "RHBZ#2129707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38750", url: "https://www.cve.org/CVERecord?id=CVE-2022-38750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", }, { cve: "CVE-2022-38751", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129709", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38751", }, { category: "external", summary: "RHBZ#2129709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129709", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38751", url: "https://www.cve.org/CVERecord?id=CVE-2022-38751", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", }, { cve: "CVE-2022-38752", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2129710", }, ], notes: [ { category: "description", text: "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", title: "Vulnerability description", }, { category: "summary", text: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38752", }, { category: "external", summary: "RHBZ#2129710", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129710", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38752", url: "https://www.cve.org/CVERecord?id=CVE-2022-38752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38752", }, ], release_date: "2022-09-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134291", }, ], notes: [ { category: "description", text: "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", title: "Vulnerability description", }, { category: "summary", text: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40152", }, { category: "external", summary: "RHBZ#2134291", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134291", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40152", url: "https://www.cve.org/CVERecord?id=CVE-2022-40152", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", }, { category: "external", summary: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", url: "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-40156", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-10-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2134288", }, ], notes: [ { category: "description", text: "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.", title: "Vulnerability description", }, { category: "summary", text: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40156", }, { category: "external", summary: "RHBZ#2134288", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134288", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40156", url: "https://www.cve.org/CVERecord?id=CVE-2022-40156", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40156", }, ], release_date: "2022-09-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks", }, { cve: "CVE-2022-41854", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2022-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151988", }, ], notes: [ { category: "description", text: "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", title: "Vulnerability description", }, { category: "summary", text: "dev-java/snakeyaml: DoS via stack overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41854", }, { category: "external", summary: "RHBZ#2151988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41854", url: "https://www.cve.org/CVERecord?id=CVE-2022-41854", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", }, { category: "external", summary: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", url: "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", }, { category: "external", summary: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", }, ], release_date: "2022-11-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dev-java/snakeyaml: DoS via stack overflow", }, { cve: "CVE-2022-42003", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135244", }, ], notes: [ { category: "description", text: "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42003", }, { category: "external", summary: "RHBZ#2135244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42003", url: "https://www.cve.org/CVERecord?id=CVE-2022-42003", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", }, { cve: "CVE-2022-42004", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-10-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2135247", }, ], notes: [ { category: "description", text: "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", title: "Vulnerability description", }, { category: "summary", text: "jackson-databind: use of deeply nested arrays", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42004", }, { category: "external", summary: "RHBZ#2135247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42004", url: "https://www.cve.org/CVERecord?id=CVE-2022-42004", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", }, ], release_date: "2022-10-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jackson-databind: use of deeply nested arrays", }, { cve: "CVE-2022-45047", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2145194", }, ], notes: [ { category: "description", text: "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", title: "Vulnerability description", }, { category: "summary", text: "mina-sshd: Java unsafe deserialization vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Impact as High as there's a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it's very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45047", }, { category: "external", summary: "RHBZ#2145194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2145194", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45047", url: "https://www.cve.org/CVERecord?id=CVE-2022-45047", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", }, { category: "external", summary: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", url: "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", }, ], release_date: "2022-11-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, { category: "workaround", details: "From the maintainer:\n\nFor Apache MINA SSHD <= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server's host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "mina-sshd: Java unsafe deserialization vulnerability", }, { cve: "CVE-2022-46363", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155681", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", title: "Vulnerability description", }, { category: "summary", text: "CXF: directory listing / code exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46363", }, { category: "external", summary: "RHBZ#2155681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155681", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46363", url: "https://www.cve.org/CVERecord?id=CVE-2022-46363", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", }, { category: "external", summary: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", url: "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: directory listing / code exfiltration", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-04-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188542", }, ], notes: [ { category: "description", text: "A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1370", }, { category: "external", summary: "RHBZ#2188542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1370", url: "https://www.cve.org/CVERecord?id=CVE-2023-1370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "https://github.com/advisories/GHSA-493p-pfq6-5258", url: "https://github.com/advisories/GHSA-493p-pfq6-5258", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", url: "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2023-03-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182788", }, ], notes: [ { category: "description", text: "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", title: "Vulnerability description", }, { category: "summary", text: "jettison: Uncontrolled Recursion in JSONArray", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1436", }, { category: "external", summary: "RHBZ#2182788", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182788", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1436", url: "https://www.cve.org/CVERecord?id=CVE-2023-1436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jettison: Uncontrolled Recursion in JSONArray", }, { cve: "CVE-2023-20883", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-05-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2209342", }, ], notes: [ { category: "description", text: "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-20883", }, { category: "external", summary: "RHBZ#2209342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2209342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-20883", url: "https://www.cve.org/CVERecord?id=CVE-2023-20883", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", }, ], release_date: "2023-05-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-06-15T15:23:47+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-Springboot 3.18.3.P2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:3641", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "RHINT Camel-Springboot 3.18.3.P2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-boot: Spring Boot Welcome Page DoS Vulnerability", }, ], }
fkie_cve-2023-1436
Vulnerability from fkie_nvd
Published
2023-03-22 06:15
Modified
2024-11-21 07:39
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| reefs@jfrog.com | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jettison_project | jettison | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jettison_project:jettison:*:*:*:*:*:*:*:*", matchCriteriaId: "6DF803CA-88D7-4FA2-8D43-4602BB8441DD", versionEndExcluding: "1.5.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\n\n", }, ], id: "CVE-2023-1436", lastModified: "2024-11-21T07:39:11.013", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "reefs@jfrog.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-22T06:15:09.633", references: [ { source: "reefs@jfrog.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], sourceIdentifier: "reefs@jfrog.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "reefs@jfrog.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
wid-sec-w-2023-1808
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1808 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1808.json", }, { category: "self", summary: "WID-SEC-2023-1808 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1808", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Financial Services Applications vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixIFLX", }, ], source_lang: "en-US", title: "Oracle Financial Services Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:51.752+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1808", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Financial Services Applications 8.1.0", product: { name: "Oracle Financial Services Applications 8.1.0", product_id: "T018983", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 14.3", product: { name: "Oracle Financial Services Applications <= 14.3", product_id: "T019887", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.3", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.1", product: { name: "Oracle Financial Services Applications 8.1.1", product_id: "T019891", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.7", product: { name: "Oracle Financial Services Applications 8.0.7", product_id: "T021676", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.7", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8", product: { name: "Oracle Financial Services Applications 8.0.8", product_id: "T021677", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.1.1", product: { name: "Oracle Financial Services Applications 8.1.1.1", product_id: "T022835", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8.1", product: { name: "Oracle Financial Services Applications 8.0.8.1", product_id: "T022844", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8.2", product: { name: "Oracle Financial Services Applications 8.0.8.2", product_id: "T024990", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 14.7", product: { name: "Oracle Financial Services Applications <= 14.7", product_id: "T027348", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.4", product: { name: "Oracle Financial Services Applications 8.1.2.4", product_id: "T027351", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.4", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.6", product: { name: "Oracle Financial Services Applications 14.6", product_id: "T027355", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.6", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 18.2.0.0.0", product: { name: "Oracle Financial Services Applications 18.2.0.0.0", product_id: "T028691", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:18.2.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 18.3.0.0.0", product: { name: "Oracle Financial Services Applications 18.3.0.0.0", product_id: "T028692", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:18.3.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 19.1.0.0.0", product: { name: "Oracle Financial Services Applications 19.1.0.0.0", product_id: "T028693", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.1.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 19.2.0.0.0", product: { name: "Oracle Financial Services Applications 19.2.0.0.0", product_id: "T028694", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.2.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 21.1.0.0.0", product: { name: "Oracle Financial Services Applications 21.1.0.0.0", product_id: "T028695", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:21.1.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.1.0.0.0", product: { name: "Oracle Financial Services Applications 22.1.0.0.0", product_id: "T028696", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.1.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.2.0.0.0", product: { name: "Oracle Financial Services Applications 22.2.0.0.0", product_id: "T028697", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.2.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.0.2.0", product: { name: "Oracle Financial Services Applications 14.7.0.2.0", product_id: "T028698", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.2.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.1.0.0", product: { name: "Oracle Financial Services Applications 14.7.1.0.0", product_id: "T028699", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.1.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.5.0.8.0", product: { name: "Oracle Financial Services Applications 14.5.0.8.0", product_id: "T028700", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.5.0.8.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.6.0.4.0", product: { name: "Oracle Financial Services Applications 14.6.0.4.0", product_id: "T028701", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.6.0.4.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.0.0.0", product: { name: "Oracle Financial Services Applications 14.7.0.0.0", product_id: "T028702", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.6.0.3.0", product: { name: "Oracle Financial Services Applications 14.6.0.3.0", product_id: "T028703", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.6.0.3.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.0.1.0", product: { name: "Oracle Financial Services Applications 14.7.0.1.0", product_id: "T028704", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2", product: { name: "Oracle Financial Services Applications 8.1.2", product_id: "T028705", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.5", product: { name: "Oracle Financial Services Applications 8.1.2.5", product_id: "T028706", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.5", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.0", product: { name: "Oracle Financial Services Applications 14.7.0", product_id: "T028707", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0", }, }, }, ], category: "product_name", name: "Financial Services Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-28708", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28708", }, { cve: "CVE-2023-28439", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28439", }, { cve: "CVE-2023-25194", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-25194", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20861", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20861", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2022-48285", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-48285", }, { cve: "CVE-2022-46364", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-46364", }, { cve: "CVE-2022-45693", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45693", }, { cve: "CVE-2022-45199", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45199", }, { cve: "CVE-2022-45143", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45143", }, { cve: "CVE-2022-45047", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45047", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-33879", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-33879", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-31692", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-31692", }, { cve: "CVE-2022-31129", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-31129", }, { cve: "CVE-2022-2048", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-2048", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-1471", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2020-13936", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-13936", }, ], }
wid-sec-w-2023-1791
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
Oracle Retail Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1791 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1791.json", }, { category: "self", summary: "WID-SEC-2023-1791 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1791", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Retail Applications vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixRAPP", }, ], source_lang: "en-US", title: "Oracle Retail Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:46.587+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1791", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Retail Applications 15.0", product: { name: "Oracle Retail Applications 15.0", product_id: "T019031", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:15.0", }, }, }, { category: "product_name", name: "Oracle Retail Applications 15.0.4", product: { name: "Oracle Retail Applications 15.0.4", product_id: "T019032", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:15.0.4", }, }, }, { category: "product_name", name: "Oracle Retail Applications 16.0", product: { name: "Oracle Retail Applications 16.0", product_id: "T019033", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:16.0", }, }, }, { category: "product_name", name: "Oracle Retail Applications 16.0.3", product: { name: "Oracle Retail Applications 16.0.3", product_id: "T019034", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:16.0.3", }, }, }, { category: "product_name", name: "Oracle Retail Applications 19.0.1", product: { name: "Oracle Retail Applications 19.0.1", product_id: "T019038", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:19.0.1", }, }, }, { category: "product_name", name: "Oracle Retail Applications 15.0.3", product: { name: "Oracle Retail Applications 15.0.3", product_id: "T020721", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:15.0.3", }, }, }, { category: "product_name", name: "Oracle Retail Applications 19.1", product: { name: "Oracle Retail Applications 19.1", product_id: "T021710", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:19.1", }, }, }, { category: "product_name", name: "Oracle Retail Applications 14.2.0", product: { name: "Oracle Retail Applications 14.2.0", product_id: "T028724", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:14.2.0", }, }, }, ], category: "product_name", name: "Retail Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019038", "T021710", "T020721", "T028724", "T019032", "T019031", "T019034", "T019033", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019038", "T021710", "T020721", "T028724", "T019032", "T019031", "T019034", "T019033", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019038", "T021710", "T020721", "T028724", "T019032", "T019031", "T019034", "T019033", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019038", "T021710", "T020721", "T028724", "T019032", "T019031", "T019034", "T019033", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019038", "T021710", "T020721", "T028724", "T019032", "T019031", "T019034", "T019033", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-37533", }, ], }
WID-SEC-W-2023-1793
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
Oracle PeopleSoft: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle PeopleSoft ist eine ERP Anwendung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle PeopleSoft ist eine ERP Anwendung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1793 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1793.json", }, { category: "self", summary: "WID-SEC-2023-1793 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1793", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle PeopleSoft vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixPS", }, ], source_lang: "en-US", title: "Oracle PeopleSoft: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:47.041+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1793", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle PeopleSoft 8.59", product: { name: "Oracle PeopleSoft 8.59", product_id: "T019905", product_identification_helper: { cpe: "cpe:/a:oracle:peoplesoft:8.59", }, }, }, { category: "product_name", name: "Oracle PeopleSoft 8.60", product: { name: "Oracle PeopleSoft 8.60", product_id: "T025008", product_identification_helper: { cpe: "cpe:/a:oracle:peoplesoft:8.60", }, }, }, ], category: "product_name", name: "PeopleSoft", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-23931", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-23931", }, { cve: "CVE-2023-22047", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22047", }, { cve: "CVE-2023-22014", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22014", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2022-45061", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45061", }, { cve: "CVE-2022-40897", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-40897", }, { cve: "CVE-2022-23491", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-23491", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-1471", }, ], }
WID-SEC-W-2023-1807
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-12-26 23:00
Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1807 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1807.json", }, { category: "self", summary: "WID-SEC-2023-1807 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1807", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Fusion Middleware vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixFMW", }, { category: "external", summary: "Dell Security Advisory DSA-2023-409 vom 2023-12-23", url: "https://www.dell.com/support/kbdoc/000220669/dsa-2023-=", }, ], source_lang: "en-US", title: "Oracle Fusion Middleware: Mehrere Schwachstellen", tracking: { current_release_date: "2023-12-26T23:00:00.000+00:00", generator: { date: "2024-08-15T17:55:51.397+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1807", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-12-26T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Dell aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Fusion Middleware 12.2.1.3.0", product: { name: "Oracle Fusion Middleware 12.2.1.3.0", product_id: "618028", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:12.2.1.3.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 12.2.1.4.0", product: { name: "Oracle Fusion Middleware 12.2.1.4.0", product_id: "751674", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:12.2.1.4.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 14.1.1.0.0", product: { name: "Oracle Fusion Middleware 14.1.1.0.0", product_id: "829576", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:14.1.1.0.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 9.1.0", product: { name: "Oracle Fusion Middleware 9.1.0", product_id: "T022847", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:9.1.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware < 11.1.2.3.1", product: { name: "Oracle Fusion Middleware < 11.1.2.3.1", product_id: "T028708", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:11.1.2.3.1", }, }, }, ], category: "product_name", name: "Fusion Middleware", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-26119", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-26119", }, { cve: "CVE-2023-26049", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-26049", }, { cve: "CVE-2023-25690", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-25690", }, { cve: "CVE-2023-25194", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-25194", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-22899", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22899", }, { cve: "CVE-2023-22040", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22040", }, { cve: "CVE-2023-22031", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22031", }, { cve: "CVE-2023-21994", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-21994", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20861", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20861", }, { cve: "CVE-2023-20860", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20860", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2022-45047", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45047", }, { cve: "CVE-2022-43680", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-43680", }, { cve: "CVE-2022-42920", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-42920", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41853", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41853", }, { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-33879", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-33879", }, { cve: "CVE-2022-31197", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-31197", }, { cve: "CVE-2022-29546", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-29546", }, { cve: "CVE-2022-25647", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-25647", }, { cve: "CVE-2022-24409", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-24409", }, { cve: "CVE-2022-23437", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-23437", }, { cve: "CVE-2021-46877", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-46877", }, { cve: "CVE-2021-43113", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-43113", }, { cve: "CVE-2021-42575", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-42575", }, { cve: "CVE-2021-41184", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-41184", }, { cve: "CVE-2021-4104", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-4104", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2021-36374", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-36374", }, { cve: "CVE-2021-36090", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-36090", }, { cve: "CVE-2021-34429", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-34429", }, { cve: "CVE-2021-33813", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-33813", }, { cve: "CVE-2021-29425", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-29425", }, { cve: "CVE-2021-28168", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-28168", }, { cve: "CVE-2021-26117", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-26117", }, { cve: "CVE-2021-23926", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-23926", }, { cve: "CVE-2020-8908", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-8908", }, { cve: "CVE-2020-36518", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-36518", }, { cve: "CVE-2020-17521", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-17521", }, { cve: "CVE-2020-13956", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-13956", }, { cve: "CVE-2020-13936", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-13936", }, ], }
wid-sec-w-2023-1793
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
Oracle PeopleSoft: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle PeopleSoft ist eine ERP Anwendung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle PeopleSoft ist eine ERP Anwendung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1793 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1793.json", }, { category: "self", summary: "WID-SEC-2023-1793 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1793", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle PeopleSoft vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixPS", }, ], source_lang: "en-US", title: "Oracle PeopleSoft: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:47.041+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1793", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle PeopleSoft 8.59", product: { name: "Oracle PeopleSoft 8.59", product_id: "T019905", product_identification_helper: { cpe: "cpe:/a:oracle:peoplesoft:8.59", }, }, }, { category: "product_name", name: "Oracle PeopleSoft 8.60", product: { name: "Oracle PeopleSoft 8.60", product_id: "T025008", product_identification_helper: { cpe: "cpe:/a:oracle:peoplesoft:8.60", }, }, }, ], category: "product_name", name: "PeopleSoft", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-23931", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-23931", }, { cve: "CVE-2023-22047", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22047", }, { cve: "CVE-2023-22014", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22014", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2022-45061", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45061", }, { cve: "CVE-2022-40897", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-40897", }, { cve: "CVE-2022-23491", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-23491", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025008", "T019905", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-1471", }, ], }
WID-SEC-W-2023-1791
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
Oracle Retail Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1791 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1791.json", }, { category: "self", summary: "WID-SEC-2023-1791 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1791", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Retail Applications vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixRAPP", }, ], source_lang: "en-US", title: "Oracle Retail Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:46.587+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1791", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Retail Applications 15.0", product: { name: "Oracle Retail Applications 15.0", product_id: "T019031", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:15.0", }, }, }, { category: "product_name", name: "Oracle Retail Applications 15.0.4", product: { name: "Oracle Retail Applications 15.0.4", product_id: "T019032", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:15.0.4", }, }, }, { category: "product_name", name: "Oracle Retail Applications 16.0", product: { name: "Oracle Retail Applications 16.0", product_id: "T019033", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:16.0", }, }, }, { category: "product_name", name: "Oracle Retail Applications 16.0.3", product: { name: "Oracle Retail Applications 16.0.3", product_id: "T019034", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:16.0.3", }, }, }, { category: "product_name", name: "Oracle Retail Applications 19.0.1", product: { name: "Oracle Retail Applications 19.0.1", product_id: "T019038", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:19.0.1", }, }, }, { category: "product_name", name: "Oracle Retail Applications 15.0.3", product: { name: "Oracle Retail Applications 15.0.3", product_id: "T020721", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:15.0.3", }, }, }, { category: "product_name", name: "Oracle Retail Applications 19.1", product: { name: "Oracle Retail Applications 19.1", product_id: "T021710", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:19.1", }, }, }, { category: "product_name", name: "Oracle Retail Applications 14.2.0", product: { name: "Oracle Retail Applications 14.2.0", product_id: "T028724", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:14.2.0", }, }, }, ], category: "product_name", name: "Retail Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019038", "T021710", "T020721", "T028724", "T019032", "T019031", "T019034", "T019033", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019038", "T021710", "T020721", "T028724", "T019032", "T019031", "T019034", "T019033", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019038", "T021710", "T020721", "T028724", "T019032", "T019031", "T019034", "T019033", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019038", "T021710", "T020721", "T028724", "T019032", "T019031", "T019034", "T019033", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019038", "T021710", "T020721", "T028724", "T019032", "T019031", "T019034", "T019033", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-37533", }, ], }
WID-SEC-W-2024-0671
Vulnerability from csaf_certbund
Published
2024-03-19 23:00
Modified
2024-11-24 23:00
Summary
Atlassian Jira Software: Mehrere Schwachstellen ermöglichen Codeausführung und DoS
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Jira ist eine Webanwendung zur Softwareentwicklung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der Atlassian Jira Software ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Jira ist eine Webanwendung zur Softwareentwicklung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der Atlassian Jira Software ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0671 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0671.json", }, { category: "self", summary: "WID-SEC-2024-0671 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0671", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-03-19", url: "https://confluence.atlassian.com/security/security-bulletin-march-19-2024-1369444862.html", }, ], source_lang: "en-US", title: "Atlassian Jira Software: Mehrere Schwachstellen ermöglichen Codeausführung und DoS", tracking: { current_release_date: "2024-11-24T23:00:00.000+00:00", generator: { date: "2024-11-25T09:15:33.636+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0671", initial_release_date: "2024-03-19T23:00:00.000+00:00", revision_history: [ { date: "2024-03-19T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-03-20T23:00:00.000+00:00", number: "2", summary: "CVSS korrigiert", }, { date: "2024-11-24T23:00:00.000+00:00", number: "3", summary: "Produktzuordnung überprüft", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "Data Center and Server <9.14.1", product: { name: "Atlassian Jira Software Data Center and Server <9.14.1", product_id: "T033559", }, }, { category: "product_version", name: "Data Center and Server 9.14.1", product: { name: "Atlassian Jira Software Data Center and Server 9.14.1", product_id: "T033559-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.14.1", }, }, }, { category: "product_version_range", name: "Data Center <9.14.0", product: { name: "Atlassian Jira Software Data Center <9.14.0", product_id: "T033561", }, }, { category: "product_version", name: "Data Center 9.14.0", product: { name: "Atlassian Jira Software Data Center 9.14.0", product_id: "T033561-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center__9.14.0", }, }, }, { category: "product_version_range", name: "Data Center and Server <9.13.1", product: { name: "Atlassian Jira Software Data Center and Server <9.13.1", product_id: "T033563", }, }, { category: "product_version", name: "Data Center and Server 9.13.1", product: { name: "Atlassian Jira Software Data Center and Server 9.13.1", product_id: "T033563-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.13.1", }, }, }, { category: "product_version_range", name: "Data Center and Server <9.12.5", product: { name: "Atlassian Jira Software Data Center and Server <9.12.5", product_id: "T033564", }, }, { category: "product_version", name: "Data Center and Server 9.12.5", product: { name: "Atlassian Jira Software Data Center and Server 9.12.5", product_id: "T033564-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.12.5", }, }, }, { category: "product_version_range", name: "Data Center and Server <9.4.18", product: { name: "Atlassian Jira Software Data Center and Server <9.4.18", product_id: "T033566", }, }, { category: "product_version", name: "Data Center and Server 9.4.18", product: { name: "Atlassian Jira Software Data Center and Server 9.4.18", product_id: "T033566-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.4.18", }, }, }, ], category: "product_name", name: "Jira Software", }, ], category: "vendor", name: "Atlassian", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24839", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-24839", }, { cve: "CVE-2022-28366", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-28366", }, { cve: "CVE-2022-29546", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-29546", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-34169", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-34169", }, { cve: "CVE-2022-3509", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-3509", }, { cve: "CVE-2022-40146", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-40146", }, { cve: "CVE-2022-40149", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-40149", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-41704", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-41704", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-45685", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-45685", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-34453", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-34453", }, { cve: "CVE-2023-34454", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-34454", }, { cve: "CVE-2023-34455", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-34455", }, { cve: "CVE-2023-39410", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-39410", }, { cve: "CVE-2023-43642", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-43642", }, { cve: "CVE-2023-5072", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-5072", }, ], }
WID-SEC-W-2024-0888
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-04-16 22:00
Summary
Oracle Systems: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Systems umfasst eine Sammlung von Hardware, Betriebssystemen, Servern und Anwendungen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Oracle Systems ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Systems umfasst eine Sammlung von Hardware, Betriebssystemen, Servern und Anwendungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Oracle Systems ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0888 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0888.json", }, { category: "self", summary: "WID-SEC-2024-0888 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0888", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Systems vom 2024-04-16", url: "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixSUNS", }, ], source_lang: "en-US", title: "Oracle Systems: Mehrere Schwachstellen", tracking: { current_release_date: "2024-04-16T22:00:00.000+00:00", generator: { date: "2024-08-15T18:07:45.335+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0888", initial_release_date: "2024-04-16T22:00:00.000+00:00", revision_history: [ { date: "2024-04-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "8.8", product: { name: "Oracle Systems 8.8", product_id: "T019057", product_identification_helper: { cpe: "cpe:/a:oracle:systems:8.8", }, }, }, { category: "product_version", name: "11", product: { name: "Oracle Systems 11", product_id: "T019059", product_identification_helper: { cpe: "cpe:/a:oracle:systems:11", }, }, }, { category: "product_version", name: "4", product: { name: "Oracle Systems 4", product_id: "T022889", product_identification_helper: { cpe: "cpe:/a:oracle:systems:4", }, }, }, { category: "product_version", name: "2.5", product: { name: "Oracle Systems 2.5", product_id: "T034196", product_identification_helper: { cpe: "cpe:/a:oracle:systems:2.5", }, }, }, ], category: "product_name", name: "Systems", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2020-35168", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2020-35168", }, { cve: "CVE-2021-36374", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2021-36374", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2022-24839", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-24839", }, { cve: "CVE-2022-34381", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-34381", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-42920", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-42920", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2024-20999", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-20999", }, { cve: "CVE-2024-21059", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-21059", }, { cve: "CVE-2024-21104", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-21104", }, { cve: "CVE-2024-21105", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-21105", }, ], }
WID-SEC-W-2023-1804
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
Oracle Insurance Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Insurance Applications ist eine Produktfamilie mit Lösungen für die Versicherungsbranche.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Insurance Applications ausnutzen, um die Vertraulichkeit und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Insurance Applications ist eine Produktfamilie mit Lösungen für die Versicherungsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Insurance Applications ausnutzen, um die Vertraulichkeit und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1804 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1804.json", }, { category: "self", summary: "WID-SEC-2023-1804 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1804", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Insurance Applications vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixINSU", }, ], source_lang: "en-US", title: "Oracle Insurance Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:50.645+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1804", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Oracle Insurance Applications <= 12.7.1", product: { name: "Oracle Insurance Applications <= 12.7.1", product_id: "T028713", product_identification_helper: { cpe: "cpe:/a:oracle:insurance_applications:12.7.1", }, }, }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { last_affected: [ "T028713", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { last_affected: [ "T028713", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { last_affected: [ "T028713", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-37533", }, ], }
WID-SEC-W-2024-0124
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0124 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0124.json", }, { category: "self", summary: "WID-SEC-2024-0124 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0124", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Financial Services Applications vom 2024-01-16", url: "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixIFLX", }, ], source_lang: "en-US", title: "Oracle Financial Services Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-16T23:00:00.000+00:00", generator: { date: "2024-08-15T18:03:50.294+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0124", initial_release_date: "2024-01-16T23:00:00.000+00:00", revision_history: [ { date: "2024-01-16T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Financial Services Applications 2.7.1", product: { name: "Oracle Financial Services Applications 2.7.1", product_id: "T018979", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.7.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.8.0", product: { name: "Oracle Financial Services Applications 2.8.0", product_id: "T018980", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.8.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.9.0", product: { name: "Oracle Financial Services Applications 2.9.0", product_id: "T018981", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.9.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.0", product: { name: "Oracle Financial Services Applications 8.1.0", product_id: "T018983", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.9", product: { name: "Oracle Financial Services Applications 8.0.9", product_id: "T019890", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.9", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.1", product: { name: "Oracle Financial Services Applications 8.1.1", product_id: "T019891", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.7", product: { name: "Oracle Financial Services Applications 8.0.7", product_id: "T021676", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.7", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8", product: { name: "Oracle Financial Services Applications 8.0.8", product_id: "T021677", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.1.1", product: { name: "Oracle Financial Services Applications 8.1.1.1", product_id: "T022835", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8.1", product: { name: "Oracle Financial Services Applications 8.0.8.1", product_id: "T022844", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8.2", product: { name: "Oracle Financial Services Applications 8.0.8.2", product_id: "T024990", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.9.1", product: { name: "Oracle Financial Services Applications 2.9.1", product_id: "T027359", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.9.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2", product: { name: "Oracle Financial Services Applications 8.1.2", product_id: "T028705", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.5", product: { name: "Oracle Financial Services Applications 8.1.2.5", product_id: "T028706", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.5", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 14.7.0", product: { name: "Oracle Financial Services Applications <= 14.7.0", product_id: "T028707", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.1.0", product: { name: "Oracle Financial Services Applications 22.1.0", product_id: "T032101", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.2.0", product: { name: "Oracle Financial Services Applications 22.2.0", product_id: "T032102", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.2.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 21.1.0", product: { name: "Oracle Financial Services Applications 21.1.0", product_id: "T032103", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:21.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.6", product: { name: "Oracle Financial Services Applications 8.1.2.6", product_id: "T032104", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.6", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 19.1.0", product: { name: "Oracle Financial Services Applications 19.1.0", product_id: "T032105", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 5.0.0", product: { name: "Oracle Financial Services Applications 5.0.0", product_id: "T032106", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:5.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 5.1.0", product: { name: "Oracle Financial Services Applications 5.1.0", product_id: "T032107", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:5.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 3.2.0", product: { name: "Oracle Financial Services Applications <= 3.2.0", product_id: "T032108", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:3.2.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 4.0.0", product: { name: "Oracle Financial Services Applications 4.0.0", product_id: "T032109", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:4.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 6.0.0", product: { name: "Oracle Financial Services Applications 6.0.0", product_id: "T032110", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:6.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.0.3.0", product: { name: "Oracle Financial Services Applications 14.7.0.3.0", product_id: "T032111", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.3.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 3.0.0", product: { name: "Oracle Financial Services Applications 3.0.0", product_id: "T032112", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:3.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 3.1.0", product: { name: "Oracle Financial Services Applications 3.1.0", product_id: "T032113", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:3.1.0", }, }, }, ], category: "product_name", name: "Financial Services Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5072", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-5072", }, { cve: "CVE-2023-46604", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-46604", }, { cve: "CVE-2023-44483", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-44483", }, { cve: "CVE-2023-42503", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-42503", }, { cve: "CVE-2023-34034", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-34034", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-2618", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-2618", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-21901", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-21901", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2022-44729", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-44729", }, { cve: "CVE-2022-42920", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-42920", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-36944", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-36944", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-34169", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-34169", }, { cve: "CVE-2022-31692", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-31692", }, { cve: "CVE-2022-31160", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-31160", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-22979", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-22979", }, { cve: "CVE-2022-22969", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-22969", }, { cve: "CVE-2020-5410", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2020-5410", }, { cve: "CVE-2020-15250", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2020-15250", }, ], }
wid-sec-w-2023-1804
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
Oracle Insurance Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Insurance Applications ist eine Produktfamilie mit Lösungen für die Versicherungsbranche.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Insurance Applications ausnutzen, um die Vertraulichkeit und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Insurance Applications ist eine Produktfamilie mit Lösungen für die Versicherungsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Insurance Applications ausnutzen, um die Vertraulichkeit und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1804 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1804.json", }, { category: "self", summary: "WID-SEC-2023-1804 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1804", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Insurance Applications vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixINSU", }, ], source_lang: "en-US", title: "Oracle Insurance Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:50.645+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1804", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Oracle Insurance Applications <= 12.7.1", product: { name: "Oracle Insurance Applications <= 12.7.1", product_id: "T028713", product_identification_helper: { cpe: "cpe:/a:oracle:insurance_applications:12.7.1", }, }, }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { last_affected: [ "T028713", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { last_affected: [ "T028713", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Insurance Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { last_affected: [ "T028713", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-37533", }, ], }
WID-SEC-W-2023-1142
Vulnerability from csaf_certbund
Published
2023-05-03 22:00
Modified
2024-02-28 23:00
Summary
Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1142 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1142.json", }, { category: "self", summary: "WID-SEC-2023-1142 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1142", }, { category: "external", summary: "RedHat Security Advisory vom 2023-05-03", url: "https://access.redhat.com/errata/RHSA-2023:2100", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3179 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3179", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3193 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3193", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15", url: "https://access.redhat.com/errata/RHSA-2023:3622", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3667 vom 2023-06-19", url: "https://access.redhat.com/errata/RHSA-2023:3667", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3626 vom 2023-06-23", url: "https://access.redhat.com/errata/RHSA-2023:3626", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3625 vom 2023-06-23", url: "https://access.redhat.com/errata/RHSA-2023:3625", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3906 vom 2023-06-28", url: "https://access.redhat.com/errata/RHSA-2023:3906", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29", url: "https://access.redhat.com/errata/RHSA-2023:3954", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2165 vom 2023-07-26", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2165.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4506 vom 2023-08-07", url: "https://access.redhat.com/errata/RHSA-2023:4506", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4507 vom 2023-08-07", url: "https://access.redhat.com/errata/RHSA-2023:4507", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4505 vom 2023-08-07", url: "https://access.redhat.com/errata/RHSA-2023:4505", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4509 vom 2023-08-07", url: "https://access.redhat.com/errata/RHSA-2023:4509", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4612 vom 2023-08-16", url: "https://access.redhat.com/errata/RHSA-2023:4612", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4919 vom 2023-08-31", url: "https://access.redhat.com/errata/RHSA-2023:4919", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4921 vom 2023-08-31", url: "https://access.redhat.com/errata/RHSA-2023:4921", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4924 vom 2023-08-31", url: "https://access.redhat.com/errata/RHSA-2023:4924", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4918 vom 2023-08-31", url: "https://access.redhat.com/errata/RHSA-2023:4918", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4920 vom 2023-08-31", url: "https://access.redhat.com/errata/RHSA-2023:4920", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:7670 vom 2023-12-06", url: "https://access.redhat.com/errata/RHSA-2023:7670", }, { category: "external", summary: "Dell Security Advisory DSA-2023-300 vom 2023-12-22", url: "https://www.dell.com/support/kbdoc/000220649/dsa-2023-=", }, { category: "external", summary: "Dell Security Advisory DSA-2023-409 vom 2023-12-23", url: "https://www.dell.com/support/kbdoc/000220669/dsa-2023-=", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-1910 vom 2024-01-23", url: "https://alas.aws.amazon.com/ALAS-2024-1910.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28", url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], source_lang: "en-US", title: "Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen", tracking: { current_release_date: "2024-02-28T23:00:00.000+00:00", generator: { date: "2024-08-15T17:50:22.698+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1142", initial_release_date: "2023-05-03T22:00:00.000+00:00", revision_history: [ { date: "2023-05-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-05-18T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-15T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-19T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-25T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-28T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-29T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-07-25T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-08-07T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-08-16T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-08-31T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-12-06T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-12-21T23:00:00.000+00:00", number: "13", summary: "Neue Updates von Dell aufgenommen", }, { date: "2023-12-26T23:00:00.000+00:00", number: "14", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-01-22T23:00:00.000+00:00", number: "15", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-02-28T23:00:00.000+00:00", number: "16", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "16", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Dell NetWorker", product: { name: "Dell NetWorker", product_id: "T024663", product_identification_helper: { cpe: "cpe:/a:dell:networker:-", }, }, }, ], category: "vendor", name: "Dell", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version_range", name: "Integration Camel for Spring Boot < 3.20.1", product: { name: "Red Hat Enterprise Linux Integration Camel for Spring Boot < 3.20.1", product_id: "T027614", }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version", name: "Camel Extensions for Quarkus 1", product: { name: "Red Hat Integration Camel Extensions for Quarkus 1", product_id: "T026453", product_identification_helper: { cpe: "cpe:/a:redhat:integration:camel_extensions_for_quarkus_1", }, }, }, ], category: "product_name", name: "Integration", }, { branches: [ { category: "product_version_range", name: "Container Platform < 4.10.62", product: { name: "Red Hat OpenShift Container Platform < 4.10.62", product_id: "T028308", }, }, { category: "product_version", name: "Application Runtimes", product: { name: "Red Hat OpenShift Application Runtimes", product_id: "T029341", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:application_runtimes", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-22602", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-22602", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20861", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-20861", }, { cve: "CVE-2023-20860", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-20860", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2022-4492", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-4492", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-41854", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41854", }, { cve: "CVE-2022-41853", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41853", }, { cve: "CVE-2022-41852", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41852", }, { cve: "CVE-2022-41704", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41704", }, { cve: "CVE-2022-40156", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-40156", }, { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-40151", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-40151", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-40146", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-40146", }, { cve: "CVE-2022-39368", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-39368", }, { cve: "CVE-2022-38752", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38752", }, { cve: "CVE-2022-38751", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38751", }, { cve: "CVE-2022-38750", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38750", }, { cve: "CVE-2022-38749", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38749", }, { cve: "CVE-2022-38648", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38648", }, { cve: "CVE-2022-38398", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38398", }, { cve: "CVE-2022-37866", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-37866", }, { cve: "CVE-2022-37865", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-37865", }, { cve: "CVE-2022-33681", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-33681", }, { cve: "CVE-2022-31777", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-31777", }, { cve: "CVE-2022-25857", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-25857", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2021-37533", }, ], }
wid-sec-w-2024-0120
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle JD Edwards: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Komponenten der Oracle JDEdwards sind vollständig integrierte und komplette Lösungen geschäftlicher Anwendungen (ERP) für Unternehmen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle JD Edwards ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Die Komponenten der Oracle JDEdwards sind vollständig integrierte und komplette Lösungen geschäftlicher Anwendungen (ERP) für Unternehmen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle JD Edwards ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0120 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0120.json", }, { category: "self", summary: "WID-SEC-2024-0120 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0120", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle JD Edwards vom 2024-01-16", url: "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixJDE", }, ], source_lang: "en-US", title: "Oracle JD Edwards: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-16T23:00:00.000+00:00", generator: { date: "2024-08-15T18:03:47.894+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0120", initial_release_date: "2024-01-16T23:00:00.000+00:00", revision_history: [ { date: "2024-01-16T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle JD Edwards < 9.2.8.1", product: { name: "Oracle JD Edwards < 9.2.8.1", product_id: "T032147", product_identification_helper: { cpe: "cpe:/a:oracle:jd_edwards_enterpriseone:9.2.8.1", }, }, }, { category: "product_name", name: "Oracle JD Edwards < 9.2.8.0", product: { name: "Oracle JD Edwards < 9.2.8.0", product_id: "T032148", product_identification_helper: { cpe: "cpe:/a:oracle:jd_edwards_enterpriseone:9.2.8.0", }, }, }, ], category: "product_name", name: "JD Edwards", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2024-20957", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2024-20957", }, { cve: "CVE-2024-20937", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2024-20937", }, { cve: "CVE-2024-20905", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2024-20905", }, { cve: "CVE-2023-32002", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-32002", }, { cve: "CVE-2023-28756", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-28756", }, { cve: "CVE-2023-2650", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-2650", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-3479", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-3479", }, ], }
WID-SEC-W-2024-0892
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-04-16 22:00
Summary
Oracle Retail Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0892 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0892.json", }, { category: "self", summary: "WID-SEC-2024-0892 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0892", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Retail Applications vom 2024-04-16", url: "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixRAPP", }, ], source_lang: "en-US", title: "Oracle Retail Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-04-16T22:00:00.000+00:00", generator: { date: "2024-08-15T18:07:46.143+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0892", initial_release_date: "2024-04-16T22:00:00.000+00:00", revision_history: [ { date: "2024-04-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "16.0.3", product: { name: "Oracle Retail Applications 16.0.3", product_id: "T019034", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:16.0.3", }, }, }, { category: "product_version", name: "19.0.1", product: { name: "Oracle Retail Applications 19.0.1", product_id: "T019038", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:19.0.1", }, }, }, { category: "product_version", name: "15.0.3.1", product: { name: "Oracle Retail Applications 15.0.3.1", product_id: "T019909", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:15.0.3.1", }, }, }, { category: "product_version", name: "14.1.3.2", product: { name: "Oracle Retail Applications 14.1.3.2", product_id: "T019910", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:14.1.3.2", }, }, }, { category: "product_version", name: "14.1.3", product: { name: "Oracle Retail Applications 14.1.3", product_id: "T020720", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:14.1.3", }, }, }, { category: "product_version", name: "15.0.3", product: { name: "Oracle Retail Applications 15.0.3", product_id: "T020721", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:15.0.3", }, }, }, { category: "product_version", name: "14.1.3.1", product: { name: "Oracle Retail Applications 14.1.3.1", product_id: "T034182", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:14.1.3.1", }, }, }, { category: "product_version", name: "19.0.5", product: { name: "Oracle Retail Applications 19.0.5", product_id: "T034183", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:19.0.5", }, }, }, { category: "product_version", name: "20.0.4", product: { name: "Oracle Retail Applications 20.0.4", product_id: "T034184", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:20.0.4", }, }, }, { category: "product_version", name: "21.0.3", product: { name: "Oracle Retail Applications 21.0.3", product_id: "T034185", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:21.0.3", }, }, }, { category: "product_version", name: "22.0.1", product: { name: "Oracle Retail Applications 22.0.1", product_id: "T034186", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:22.0.1", }, }, }, { category: "product_version", name: "23.0.1", product: { name: "Oracle Retail Applications 23.0.1", product_id: "T034187", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:23.0.1", }, }, }, { category: "product_version", name: "19.0.0.9", product: { name: "Oracle Retail Applications 19.0.0.9", product_id: "T034188", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:19.0.0.9", }, }, }, ], category: "product_name", name: "Retail Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-31160", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-31160", }, { cve: "CVE-2022-34381", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-34381", }, { cve: "CVE-2022-42920", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-42920", }, { cve: "CVE-2022-46337", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-46337", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-34981", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-34981", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-48795", }, ], }
wid-sec-w-2023-2674
Vulnerability from csaf_certbund
Published
2023-10-17 22:00
Modified
2023-12-26 23:00
Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2674 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2674.json", }, { category: "self", summary: "WID-SEC-2023-2674 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2674", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Fusion Middleware vom 2023-10-17", url: "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixFMW", }, { category: "external", summary: "Dell Security Advisory DSA-2023-409 vom 2023-12-23", url: "https://www.dell.com/support/kbdoc/000220669/dsa-2023-=", }, ], source_lang: "en-US", title: "Oracle Fusion Middleware: Mehrere Schwachstellen", tracking: { current_release_date: "2023-12-26T23:00:00.000+00:00", generator: { date: "2024-08-15T17:59:59.153+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2674", initial_release_date: "2023-10-17T22:00:00.000+00:00", revision_history: [ { date: "2023-10-17T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-12-26T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Dell aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Fusion Middleware 12.2.1.3.0", product: { name: "Oracle Fusion Middleware 12.2.1.3.0", product_id: "618028", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:12.2.1.3.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 12.2.1.4.0", product: { name: "Oracle Fusion Middleware 12.2.1.4.0", product_id: "751674", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:12.2.1.4.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 14.1.1.0.0", product: { name: "Oracle Fusion Middleware 14.1.1.0.0", product_id: "829576", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:14.1.1.0.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 8.5.6", product: { name: "Oracle Fusion Middleware 8.5.6", product_id: "T024993", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:8.5.6", }, }, }, ], category: "product_name", name: "Fusion Middleware", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39022", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-39022", }, { cve: "CVE-2023-35887", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-35887", }, { cve: "CVE-2023-35116", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-35116", }, { cve: "CVE-2023-34462", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-34462", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-28708", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-28708", }, { cve: "CVE-2023-28484", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-28484", }, { cve: "CVE-2023-2650", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-2650", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-22127", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22127", }, { cve: "CVE-2023-22126", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22126", }, { cve: "CVE-2023-22108", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22108", }, { cve: "CVE-2023-22101", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22101", }, { cve: "CVE-2023-22089", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22089", }, { cve: "CVE-2023-22086", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22086", }, { cve: "CVE-2023-22072", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22072", }, { cve: "CVE-2023-22069", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22069", }, { cve: "CVE-2023-22019", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22019", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2022-45690", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-45690", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2022-44729", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-44729", }, { cve: "CVE-2022-42920", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-42920", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-37436", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-37436", }, { cve: "CVE-2022-29599", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-29599", }, { cve: "CVE-2022-29546", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-29546", }, { cve: "CVE-2022-24839", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-24839", }, { cve: "CVE-2022-23491", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-23491", }, { cve: "CVE-2021-37714", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-37714", }, { cve: "CVE-2021-37136", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-37136", }, { cve: "CVE-2021-36374", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-36374", }, { cve: "CVE-2021-28165", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-28165", }, { cve: "CVE-2020-13956", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2020-13956", }, { cve: "CVE-2019-10086", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2019-10086", }, ], }
wid-sec-w-2024-0794
Vulnerability from csaf_certbund
Published
2024-04-04 22:00
Modified
2024-11-27 23:00
Summary
Dell ECS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Dell ECS ist ein Objektspeichersystem.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Dell ECS ist ein Objektspeichersystem.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0794 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json", }, { category: "self", summary: "WID-SEC-2024-0794 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794", }, { category: "external", summary: "Dell Security Advisory DSA-2024-141 vom 2024-04-04", url: "https://www.dell.com/support/kbdoc/000223839/dsa-2024-=", }, ], source_lang: "en-US", title: "Dell ECS: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-27T23:00:00.000+00:00", generator: { date: "2024-11-28T11:39:04.623+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0794", initial_release_date: "2024-04-04T22:00:00.000+00:00", revision_history: [ { date: "2024-04-04T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-11-27T23:00:00.000+00:00", number: "2", summary: "Produktzuordnung überprüft", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<3.8.1.0", product: { name: "Dell ECS <3.8.1.0", product_id: "T033919", }, }, { category: "product_version", name: "3.8.1.0", product: { name: "Dell ECS 3.8.1.0", product_id: "T033919-fixed", product_identification_helper: { cpe: "cpe:/h:dell:ecs:3.8.1.0", }, }, }, ], category: "product_name", name: "ECS", }, ], category: "vendor", name: "Dell", }, ], }, vulnerabilities: [ { cve: "CVE-2018-18074", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2018-18074", }, { cve: "CVE-2020-10663", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10663", }, { cve: "CVE-2020-10672", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10672", }, { cve: "CVE-2020-10673", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10673", }, { cve: "CVE-2020-10735", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10735", }, { cve: "CVE-2020-10968", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10968", }, { cve: "CVE-2020-10969", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10969", }, { cve: "CVE-2020-11111", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11111", }, { cve: "CVE-2020-11112", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11112", }, { cve: "CVE-2020-11113", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11113", }, { cve: "CVE-2020-11612", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11612", }, { cve: "CVE-2020-11619", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11619", }, { cve: "CVE-2020-11620", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11620", }, { cve: "CVE-2020-11979", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11979", }, { cve: "CVE-2020-12762", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-12762", }, { cve: "CVE-2020-12825", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-12825", }, { cve: "CVE-2020-13956", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-13956", }, { cve: "CVE-2020-14060", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-14060", }, { cve: "CVE-2020-14061", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-14061", }, { cve: "CVE-2020-14062", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-14062", }, { cve: "CVE-2020-14195", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-14195", }, { cve: "CVE-2020-15250", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-15250", }, { cve: "CVE-2020-1945", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-1945", }, { cve: "CVE-2020-1967", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-1967", }, { cve: "CVE-2020-1971", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-1971", }, { cve: "CVE-2020-24616", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-24616", }, { cve: "CVE-2020-24750", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-24750", }, { cve: "CVE-2020-25649", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-25649", }, { cve: "CVE-2020-25658", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-25658", }, { cve: "CVE-2020-26116", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-26116", }, { cve: "CVE-2020-26137", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-26137", }, { cve: "CVE-2020-26541", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-26541", }, { cve: "CVE-2020-27216", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-27216", }, { cve: "CVE-2020-27218", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-27218", }, { cve: "CVE-2020-27223", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-27223", }, { cve: "CVE-2020-28366", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-28366", }, { cve: "CVE-2020-28493", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-28493", }, { cve: "CVE-2020-29509", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-29509", }, { cve: "CVE-2020-29511", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-29511", }, { cve: "CVE-2020-29582", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-29582", }, { cve: "CVE-2020-29651", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-29651", }, { cve: "CVE-2020-35490", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-35490", }, { cve: "CVE-2020-35491", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-35491", }, { cve: "CVE-2020-35728", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-35728", }, { cve: "CVE-2020-36179", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36179", }, { cve: "CVE-2020-36180", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36180", }, { cve: "CVE-2020-36181", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36181", }, { cve: "CVE-2020-36182", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36182", }, { cve: "CVE-2020-36183", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36183", }, { cve: "CVE-2020-36184", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36184", }, { cve: "CVE-2020-36185", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36185", }, { cve: "CVE-2020-36186", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36186", }, { cve: "CVE-2020-36187", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36187", }, { cve: "CVE-2020-36188", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36188", }, { cve: "CVE-2020-36189", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36189", }, { cve: "CVE-2020-36516", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36516", }, { cve: "CVE-2020-36518", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36518", }, { cve: "CVE-2020-36557", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36557", }, { cve: "CVE-2020-36558", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36558", }, { cve: "CVE-2020-36691", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36691", }, { cve: "CVE-2020-7238", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-7238", }, { cve: "CVE-2020-8840", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-8840", }, { cve: "CVE-2020-8908", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-8908", }, { cve: "CVE-2020-8911", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-8911", }, { cve: "CVE-2020-8912", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-8912", }, { cve: "CVE-2020-9488", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-9488", }, { cve: "CVE-2020-9493", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-9493", }, { cve: "CVE-2020-9546", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-9546", }, { cve: "CVE-2020-9547", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-9547", }, { cve: "CVE-2020-9548", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-9548", }, { cve: "CVE-2021-20190", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-20190", }, { cve: "CVE-2021-20323", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-20323", }, { cve: "CVE-2021-21290", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-21290", }, { cve: "CVE-2021-21295", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-21295", }, { cve: "CVE-2021-21409", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-21409", }, { cve: "CVE-2021-23840", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-23840", }, { cve: "CVE-2021-23841", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-23841", }, { cve: "CVE-2021-2471", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-2471", }, { cve: "CVE-2021-25642", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-25642", }, { cve: "CVE-2021-26341", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-26341", }, { cve: "CVE-2021-27918", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-27918", }, { cve: "CVE-2021-28153", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-28153", }, { cve: "CVE-2021-28165", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-28165", }, { cve: "CVE-2021-28169", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-28169", }, { cve: "CVE-2021-28861", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-28861", }, { cve: "CVE-2021-29425", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-29425", }, { cve: "CVE-2021-30560", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-30560", }, { cve: "CVE-2021-3114", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3114", }, { cve: "CVE-2021-33036", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33036", }, { cve: "CVE-2021-33194", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33194", }, { cve: "CVE-2021-33195", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33195", }, { cve: "CVE-2021-33196", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33196", }, { cve: "CVE-2021-33197", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33197", }, { cve: "CVE-2021-33503", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33503", }, { cve: "CVE-2021-33655", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33655", }, { cve: "CVE-2021-33656", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33656", }, { cve: "CVE-2021-3424", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3424", }, { cve: "CVE-2021-34428", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-34428", }, { cve: "CVE-2021-3449", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3449", }, { cve: "CVE-2021-3450", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3450", }, { cve: "CVE-2021-3530", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3530", }, { cve: "CVE-2021-36221", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-36221", }, { cve: "CVE-2021-36373", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-36373", }, { cve: "CVE-2021-36374", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-36374", }, { cve: "CVE-2021-3648", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3648", }, { cve: "CVE-2021-36690", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-36690", }, { cve: "CVE-2021-3711", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3711", }, { cve: "CVE-2021-3712", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3712", }, { cve: "CVE-2021-37136", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-37136", }, { cve: "CVE-2021-37137", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-37137", }, { cve: "CVE-2021-37404", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-37404", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2021-3754", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3754", }, { cve: "CVE-2021-3778", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3778", }, { cve: "CVE-2021-3796", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3796", }, { cve: "CVE-2021-3826", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3826", }, { cve: "CVE-2021-3827", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3827", }, { cve: "CVE-2021-38297", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-38297", }, { cve: "CVE-2021-3872", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3872", }, { cve: "CVE-2021-3875", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3875", }, { cve: "CVE-2021-3903", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3903", }, { cve: "CVE-2021-3923", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3923", }, { cve: "CVE-2021-3927", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3927", }, { cve: "CVE-2021-3928", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3928", }, { cve: "CVE-2021-3968", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3968", }, { cve: "CVE-2021-3973", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3973", }, { cve: "CVE-2021-3974", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3974", }, { cve: "CVE-2021-3984", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3984", }, { cve: "CVE-2021-4019", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4019", }, { cve: "CVE-2021-4037", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4037", }, { cve: "CVE-2021-4069", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4069", }, { cve: "CVE-2021-4104", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4104", }, { cve: "CVE-2021-4136", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4136", }, { cve: "CVE-2021-4157", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4157", }, { cve: "CVE-2021-4166", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4166", }, { cve: "CVE-2021-41771", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-41771", }, { cve: "CVE-2021-4192", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4192", }, { cve: "CVE-2021-4193", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4193", }, { cve: "CVE-2021-4203", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4203", }, { cve: "CVE-2021-42567", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-42567", }, { cve: "CVE-2021-43797", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-43797", }, { cve: "CVE-2021-44531", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-44531", }, { cve: "CVE-2021-44532", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-44532", }, { cve: "CVE-2021-44533", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-44533", }, { cve: "CVE-2021-44716", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-44716", }, { cve: "CVE-2021-44878", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-44878", }, { cve: "CVE-2021-45078", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-45078", }, { cve: "CVE-2021-46195", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-46195", }, { cve: "CVE-2021-46828", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-46828", }, { cve: "CVE-2021-46848", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-46848", }, { cve: "CVE-2022-0128", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0128", }, { cve: "CVE-2022-0213", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0213", }, { cve: "CVE-2022-0225", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0225", }, { cve: "CVE-2022-0261", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0261", }, { cve: "CVE-2022-0318", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0318", }, { cve: "CVE-2022-0319", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0319", }, { cve: "CVE-2022-0351", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0351", }, { cve: "CVE-2022-0359", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0359", }, { cve: "CVE-2022-0361", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0361", }, { cve: "CVE-2022-0392", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0392", }, { cve: "CVE-2022-0407", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0407", }, { cve: "CVE-2022-0413", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0413", }, { cve: "CVE-2022-0561", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0561", }, { cve: "CVE-2022-0696", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0696", }, { cve: "CVE-2022-0778", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0778", }, { cve: "CVE-2022-1184", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1184", }, { cve: "CVE-2022-1245", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1245", }, { cve: "CVE-2022-1271", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1271", }, { cve: "CVE-2022-1292", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1292", }, { cve: "CVE-2022-1381", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1381", }, { cve: "CVE-2022-1420", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1420", }, { cve: "CVE-2022-1462", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1462", }, { cve: "CVE-2022-1466", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1466", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1471", }, { cve: "CVE-2022-1586", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1586", }, { cve: "CVE-2022-1587", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1587", }, { cve: "CVE-2022-1616", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1616", }, { cve: "CVE-2022-1619", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1619", }, { cve: "CVE-2022-1620", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1620", }, { cve: "CVE-2022-1679", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1679", }, { cve: "CVE-2022-1705", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1705", }, { cve: "CVE-2022-1720", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1720", }, { cve: "CVE-2022-1729", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1729", }, { cve: "CVE-2022-1733", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1733", }, { cve: "CVE-2022-1735", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1735", }, { cve: "CVE-2022-1771", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1771", }, { cve: "CVE-2022-1785", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1785", }, { cve: "CVE-2022-1796", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1796", }, { cve: "CVE-2022-1851", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1851", }, { cve: "CVE-2022-1897", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1897", }, { cve: "CVE-2022-1898", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1898", }, { cve: "CVE-2022-1927", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1927", }, { cve: "CVE-2022-1962", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1962", }, { cve: "CVE-2022-1968", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1968", }, { cve: "CVE-2022-1974", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1974", }, { cve: "CVE-2022-1975", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1975", }, { cve: "CVE-2022-20132", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20132", }, { cve: "CVE-2022-20141", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20141", }, { cve: "CVE-2022-20154", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20154", }, { cve: "CVE-2022-20166", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20166", }, { cve: "CVE-2022-20368", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20368", }, { cve: "CVE-2022-20369", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20369", }, { cve: "CVE-2022-2047", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2047", }, { cve: "CVE-2022-2048", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2048", }, { cve: "CVE-2022-20567", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20567", }, { cve: "CVE-2022-2068", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2068", }, { cve: "CVE-2022-2097", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2097", }, { cve: "CVE-2022-21216", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21216", }, { cve: "CVE-2022-21233", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21233", }, { cve: "CVE-2022-2124", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2124", }, { cve: "CVE-2022-2125", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2125", }, { cve: "CVE-2022-2126", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2126", }, { cve: "CVE-2022-2129", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2129", }, { cve: "CVE-2022-21363", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21363", }, { cve: "CVE-2022-21385", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21385", }, { cve: "CVE-2022-21499", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21499", }, { cve: "CVE-2022-2153", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2153", }, { cve: "CVE-2022-21540", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21540", }, { cve: "CVE-2022-21541", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21541", }, { cve: "CVE-2022-21549", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21549", }, { cve: "CVE-2022-21618", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21618", }, { cve: "CVE-2022-21619", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21619", }, { cve: "CVE-2022-21624", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21624", }, { cve: "CVE-2022-21626", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21626", }, { cve: "CVE-2022-21628", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21628", }, { cve: "CVE-2022-21702", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21702", }, { cve: "CVE-2022-2175", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2175", }, { cve: "CVE-2022-2182", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2182", }, { cve: "CVE-2022-2183", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2183", }, { cve: "CVE-2022-2206", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2206", }, { cve: "CVE-2022-2207", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2207", }, { cve: "CVE-2022-2208", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2208", }, { cve: "CVE-2022-2210", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2210", }, { cve: "CVE-2022-2231", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2231", }, { cve: "CVE-2022-2256", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2256", }, { cve: "CVE-2022-2257", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2257", }, { cve: "CVE-2022-2264", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2264", }, { cve: "CVE-2022-2284", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2284", }, { cve: "CVE-2022-2285", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2285", }, { cve: "CVE-2022-2286", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2286", }, { cve: "CVE-2022-2287", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2287", }, { cve: "CVE-2022-22976", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-22976", }, { cve: "CVE-2022-22978", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-22978", }, { cve: "CVE-2022-2304", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2304", }, { cve: "CVE-2022-2318", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2318", }, { cve: "CVE-2022-23302", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23302", }, { cve: "CVE-2022-23305", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23305", }, { cve: "CVE-2022-23307", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23307", }, { cve: "CVE-2022-2343", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2343", }, { cve: "CVE-2022-2344", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2344", }, { cve: "CVE-2022-2345", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2345", }, { cve: "CVE-2022-23471", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23471", }, { cve: "CVE-2022-23521", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23521", }, { cve: "CVE-2022-23772", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23772", }, { cve: "CVE-2022-23773", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23773", }, { cve: "CVE-2022-24302", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-24302", }, { cve: "CVE-2022-24329", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-24329", }, { cve: "CVE-2022-24823", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-24823", }, { cve: "CVE-2022-24903", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-24903", }, { cve: "CVE-2022-2503", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2503", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-25168", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-25168", }, { cve: "CVE-2022-2519", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2519", }, { cve: "CVE-2022-2520", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2520", }, { cve: "CVE-2022-2521", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2521", }, { cve: "CVE-2022-2522", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2522", }, { cve: "CVE-2022-25647", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-25647", }, { cve: "CVE-2022-2571", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2571", }, { cve: "CVE-2022-2580", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2580", }, { cve: "CVE-2022-2581", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2581", }, { cve: "CVE-2022-25857", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-25857", }, { cve: "CVE-2022-2588", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2588", }, { cve: "CVE-2022-2598", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2598", }, { cve: "CVE-2022-26148", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-26148", }, { cve: "CVE-2022-26365", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-26365", }, { cve: "CVE-2022-26373", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-26373", }, { cve: "CVE-2022-2639", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2639", }, { cve: "CVE-2022-26612", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-26612", }, { cve: "CVE-2022-2663", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2663", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-27943", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-27943", }, { cve: "CVE-2022-2795", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2795", }, { cve: "CVE-2022-28131", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-28131", }, { cve: "CVE-2022-2816", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2816", }, { cve: "CVE-2022-2817", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2817", }, { cve: "CVE-2022-2819", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2819", }, { cve: "CVE-2022-28327", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-28327", }, { cve: "CVE-2022-2845", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2845", }, { cve: "CVE-2022-2849", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2849", }, { cve: "CVE-2022-2862", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2862", }, { cve: "CVE-2022-2867", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2867", }, { cve: "CVE-2022-2868", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2868", }, { cve: "CVE-2022-2869", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2869", }, { cve: "CVE-2022-28693", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-28693", }, { cve: "CVE-2022-2874", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2874", }, { cve: "CVE-2022-28748", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-28748", }, { cve: "CVE-2022-2880", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2880", }, { cve: "CVE-2022-2889", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2889", }, { cve: "CVE-2022-29162", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29162", }, { cve: "CVE-2022-29187", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29187", }, { cve: "CVE-2022-2923", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2923", }, { cve: "CVE-2022-2946", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2946", }, { cve: "CVE-2022-29526", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29526", }, { cve: "CVE-2022-29583", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29583", }, { cve: "CVE-2022-2964", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2964", }, { cve: "CVE-2022-2977", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2977", }, { cve: "CVE-2022-2980", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2980", }, { cve: "CVE-2022-2982", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2982", }, { cve: "CVE-2022-29900", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29900", }, { cve: "CVE-2022-29901", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29901", }, { cve: "CVE-2022-2991", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2991", }, { cve: "CVE-2022-3016", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3016", }, { cve: "CVE-2022-3028", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3028", }, { cve: "CVE-2022-3037", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3037", }, { cve: "CVE-2022-30580", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-30580", }, { cve: "CVE-2022-30630", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-30630", }, { cve: "CVE-2022-30631", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-30631", }, { cve: "CVE-2022-30632", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-30632", }, { cve: "CVE-2022-30633", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-30633", }, { cve: "CVE-2022-3099", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3099", }, { cve: "CVE-2022-31030", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-31030", }, { cve: "CVE-2022-31159", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-31159", }, { cve: "CVE-2022-3134", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3134", }, { cve: "CVE-2022-3153", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3153", }, { cve: "CVE-2022-3169", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3169", }, { cve: "CVE-2022-31690", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-31690", }, { cve: "CVE-2022-32148", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-32148", }, { cve: "CVE-2022-32149", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-32149", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-3234", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3234", }, { cve: "CVE-2022-3235", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3235", }, { cve: "CVE-2022-3239", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3239", }, { cve: "CVE-2022-3278", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3278", }, { cve: "CVE-2022-3296", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3296", }, { cve: "CVE-2022-3297", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3297", }, { cve: "CVE-2022-33196", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33196", }, { cve: "CVE-2022-3324", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3324", }, { cve: "CVE-2022-3352", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3352", }, { cve: "CVE-2022-33740", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33740", }, { cve: "CVE-2022-33741", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33741", }, { cve: "CVE-2022-33742", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33742", }, { cve: "CVE-2022-33972", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33972", }, { cve: "CVE-2022-33981", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33981", }, { cve: "CVE-2022-34169", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-34169", }, { cve: "CVE-2022-3424", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3424", }, { cve: "CVE-2022-34266", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-34266", }, { cve: "CVE-2022-34526", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-34526", }, { cve: "CVE-2022-34903", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-34903", }, { cve: "CVE-2022-3491", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3491", }, { cve: "CVE-2022-3515", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3515", }, { cve: "CVE-2022-3520", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3520", }, { cve: "CVE-2022-3521", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3521", }, { cve: "CVE-2022-3524", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3524", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-3542", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3542", }, { cve: "CVE-2022-3545", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3545", }, { cve: "CVE-2022-3564", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3564", }, { cve: "CVE-2022-3565", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3565", }, { cve: "CVE-2022-3566", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3566", }, { cve: "CVE-2022-3567", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3567", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-3586", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3586", }, { cve: "CVE-2022-3591", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3591", }, { cve: "CVE-2022-3594", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3594", }, { cve: "CVE-2022-3597", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3597", }, { cve: "CVE-2022-3599", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3599", }, { cve: "CVE-2022-36109", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36109", }, { cve: "CVE-2022-3621", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3621", }, { cve: "CVE-2022-3626", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3626", }, { cve: "CVE-2022-3627", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3627", }, { cve: "CVE-2022-3628", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3628", }, { cve: "CVE-2022-36280", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36280", }, { cve: "CVE-2022-3629", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3629", }, { cve: "CVE-2022-3635", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3635", }, { cve: "CVE-2022-3643", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3643", }, { cve: "CVE-2022-36437", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36437", }, { cve: "CVE-2022-3646", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3646", }, { cve: "CVE-2022-3649", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3649", }, { cve: "CVE-2022-36760", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36760", }, { cve: "CVE-2022-36879", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36879", }, { cve: "CVE-2022-36946", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36946", }, { cve: "CVE-2022-3705", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3705", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-37436", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-37436", }, { cve: "CVE-2022-37865", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-37865", }, { cve: "CVE-2022-37866", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-37866", }, { cve: "CVE-2022-38090", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38090", }, { cve: "CVE-2022-38096", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38096", }, { cve: "CVE-2022-38126", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38126", }, { cve: "CVE-2022-38127", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38127", }, { cve: "CVE-2022-38177", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38177", }, { cve: "CVE-2022-38178", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38178", }, { cve: "CVE-2022-3821", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3821", }, { cve: "CVE-2022-38533", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38533", }, { cve: "CVE-2022-38749", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38749", }, { cve: "CVE-2022-38750", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38750", }, { cve: "CVE-2022-38751", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38751", }, { cve: "CVE-2022-38752", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38752", }, { cve: "CVE-2022-39028", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-39028", }, { cve: "CVE-2022-3903", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3903", }, { cve: "CVE-2022-39188", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-39188", }, { cve: "CVE-2022-39399", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-39399", }, { cve: "CVE-2022-3970", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3970", }, { cve: "CVE-2022-40149", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40149", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-40151", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40151", }, { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-40153", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40153", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40307", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40307", }, { cve: "CVE-2022-40674", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40674", }, { cve: "CVE-2022-40768", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40768", }, { cve: "CVE-2022-40899", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40899", }, { cve: "CVE-2022-4095", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4095", }, { cve: "CVE-2022-41218", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41218", }, { cve: "CVE-2022-4129", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4129", }, { cve: "CVE-2022-4141", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4141", }, { cve: "CVE-2022-41717", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41717", }, { cve: "CVE-2022-41721", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41721", }, { cve: "CVE-2022-41848", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41848", }, { cve: "CVE-2022-41850", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41850", }, { cve: "CVE-2022-41854", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41854", }, { cve: "CVE-2022-41858", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41858", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-41903", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41903", }, { cve: "CVE-2022-41915", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41915", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41974", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41974", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-42010", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42010", }, { cve: "CVE-2022-42011", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42011", }, { cve: "CVE-2022-42012", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42012", }, { cve: "CVE-2022-42328", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42328", }, { cve: "CVE-2022-42329", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42329", }, { cve: "CVE-2022-42703", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42703", }, { cve: "CVE-2022-42889", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42889", }, { cve: "CVE-2022-42895", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42895", }, { cve: "CVE-2022-42896", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42896", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-4292", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4292", }, { cve: "CVE-2022-4293", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4293", }, { cve: "CVE-2022-42969", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42969", }, { cve: "CVE-2022-4304", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4304", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-43680", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-43680", }, { cve: "CVE-2022-43750", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-43750", }, { cve: "CVE-2022-4378", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4378", }, { cve: "CVE-2022-43945", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-43945", }, { cve: "CVE-2022-43995", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-43995", }, { cve: "CVE-2022-4415", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4415", }, { cve: "CVE-2022-4450", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4450", }, { cve: "CVE-2022-44638", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-44638", }, { cve: "CVE-2022-45061", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45061", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2022-45884", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45884", }, { cve: "CVE-2022-45885", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45885", }, { cve: "CVE-2022-45886", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45886", }, { cve: "CVE-2022-45887", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45887", }, { cve: "CVE-2022-45919", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45919", }, { cve: "CVE-2022-45934", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45934", }, { cve: "CVE-2022-45939", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45939", }, { cve: "CVE-2022-4662", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4662", }, { cve: "CVE-2022-46751", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-46751", }, { cve: "CVE-2022-46908", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-46908", }, { cve: "CVE-2022-47629", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-47629", }, { cve: "CVE-2022-47929", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-47929", }, { cve: "CVE-2022-48281", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-48281", }, { cve: "CVE-2022-48337", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-48337", }, { cve: "CVE-2022-48339", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-48339", }, { cve: "CVE-2023-0045", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0045", }, { cve: "CVE-2023-0049", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0049", }, { cve: "CVE-2023-0051", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0051", }, { cve: "CVE-2023-0054", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0054", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2023-0288", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0288", }, { cve: "CVE-2023-0433", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0433", }, { cve: "CVE-2023-0464", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0464", }, { cve: "CVE-2023-0465", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0465", }, { cve: "CVE-2023-0466", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0466", }, { cve: "CVE-2023-0512", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0512", }, { cve: "CVE-2023-0590", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0590", }, { cve: "CVE-2023-0597", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0597", }, { cve: "CVE-2023-0833", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0833", }, { cve: "CVE-2023-1076", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1076", }, { cve: "CVE-2023-1095", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1095", }, { cve: "CVE-2023-1118", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1118", }, { cve: "CVE-2023-1127", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1127", }, { cve: "CVE-2023-1170", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1170", }, { cve: "CVE-2023-1175", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1175", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2023-1380", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1380", }, { cve: "CVE-2023-1390", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1390", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1513", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1513", }, { cve: "CVE-2023-1611", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1611", }, { cve: "CVE-2023-1670", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1670", }, { cve: "CVE-2023-1855", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1855", }, { cve: "CVE-2023-1989", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1989", }, { cve: "CVE-2023-1990", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1990", }, { cve: "CVE-2023-1998", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1998", }, { cve: "CVE-2023-20862", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-20862", }, { cve: "CVE-2023-2124", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2124", }, { cve: "CVE-2023-2162", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2162", }, { cve: "CVE-2023-2176", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2176", }, { cve: "CVE-2023-21830", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21830", }, { cve: "CVE-2023-21835", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21835", }, { cve: "CVE-2023-21843", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21843", }, { cve: "CVE-2023-21930", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21930", }, { cve: "CVE-2023-21937", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21939", }, { cve: "CVE-2023-2194", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2194", }, { cve: "CVE-2023-21954", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21954", }, { cve: "CVE-2023-21967", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21968", }, { cve: "CVE-2023-22490", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-22490", }, { cve: "CVE-2023-2253", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2253", }, { cve: "CVE-2023-22809", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-22809", }, { cve: "CVE-2023-23454", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-23454", }, { cve: "CVE-2023-23455", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-23455", }, { cve: "CVE-2023-23559", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-23559", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-23946", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-23946", }, { cve: "CVE-2023-24329", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-24329", }, { cve: "CVE-2023-24532", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-24532", }, { cve: "CVE-2023-24534", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-24534", }, { cve: "CVE-2023-2483", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2483", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-2513", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2513", }, { cve: "CVE-2023-25193", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-25193", }, { cve: "CVE-2023-25652", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-25652", }, { cve: "CVE-2023-25690", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-25690", }, { cve: "CVE-2023-25809", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-25809", }, { cve: "CVE-2023-25815", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-25815", }, { cve: "CVE-2023-26048", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-26048", }, { cve: "CVE-2023-26049", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-26049", }, { cve: "CVE-2023-2650", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2650", }, { cve: "CVE-2023-26545", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-26545", }, { cve: "CVE-2023-26604", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-26604", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27538", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-27561", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27561", }, { cve: "CVE-2023-2828", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2828", }, { cve: "CVE-2023-28320", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28320", }, { cve: "CVE-2023-28321", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28321", }, { cve: "CVE-2023-28322", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28322", }, { cve: "CVE-2023-28328", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28328", }, { cve: "CVE-2023-28464", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28464", }, { cve: "CVE-2023-28486", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28486", }, { cve: "CVE-2023-28487", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28487", }, { cve: "CVE-2023-28642", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28642", }, { cve: "CVE-2023-28772", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28772", }, { cve: "CVE-2023-28840", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28840", }, { cve: "CVE-2023-28841", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28841", }, { cve: "CVE-2023-28842", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28842", }, { cve: "CVE-2023-29007", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-29007", }, { cve: "CVE-2023-29383", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-29383", }, { cve: "CVE-2023-29402", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-29402", }, { cve: "CVE-2023-29406", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-29406", }, { cve: "CVE-2023-29409", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-29409", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-30630", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-30630", }, { cve: "CVE-2023-30772", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-30772", }, { cve: "CVE-2023-31084", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-31084", }, { cve: "CVE-2023-3138", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-3138", }, { cve: "CVE-2023-31436", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-31436", }, { cve: "CVE-2023-31484", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-31484", }, { cve: "CVE-2023-32269", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-32269", }, { cve: "CVE-2023-32697", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-32697", }, { cve: "CVE-2023-33264", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-33264", }, { cve: "CVE-2023-34034", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34034", }, { cve: "CVE-2023-34035", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34035", }, { cve: "CVE-2023-34453", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34453", }, { cve: "CVE-2023-34454", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34454", }, { cve: "CVE-2023-34455", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34455", }, { cve: "CVE-2023-34462", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34462", }, { cve: "CVE-2023-35116", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-35116", }, { cve: "CVE-2023-3635", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-3635", }, { cve: "CVE-2023-36479", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-36479", }, { cve: "CVE-2023-39533", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-39533", }, { cve: "CVE-2023-40167", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-40167", }, { cve: "CVE-2023-40217", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-40217", }, { cve: "CVE-2023-41105", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-41105", }, { cve: "CVE-2023-41900", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-41900", }, { cve: "CVE-2023-43642", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-43642", }, { cve: "CVE-2023-43804", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-43804", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-45803", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-45803", }, { cve: "CVE-2024-21626", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2024-21626", }, ], }
WID-SEC-W-2024-0794
Vulnerability from csaf_certbund
Published
2024-04-04 22:00
Modified
2024-11-27 23:00
Summary
Dell ECS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Dell ECS ist ein Objektspeichersystem.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Dell ECS ist ein Objektspeichersystem.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0794 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json", }, { category: "self", summary: "WID-SEC-2024-0794 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794", }, { category: "external", summary: "Dell Security Advisory DSA-2024-141 vom 2024-04-04", url: "https://www.dell.com/support/kbdoc/000223839/dsa-2024-=", }, ], source_lang: "en-US", title: "Dell ECS: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-27T23:00:00.000+00:00", generator: { date: "2024-11-28T11:39:04.623+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0794", initial_release_date: "2024-04-04T22:00:00.000+00:00", revision_history: [ { date: "2024-04-04T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-11-27T23:00:00.000+00:00", number: "2", summary: "Produktzuordnung überprüft", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<3.8.1.0", product: { name: "Dell ECS <3.8.1.0", product_id: "T033919", }, }, { category: "product_version", name: "3.8.1.0", product: { name: "Dell ECS 3.8.1.0", product_id: "T033919-fixed", product_identification_helper: { cpe: "cpe:/h:dell:ecs:3.8.1.0", }, }, }, ], category: "product_name", name: "ECS", }, ], category: "vendor", name: "Dell", }, ], }, vulnerabilities: [ { cve: "CVE-2018-18074", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2018-18074", }, { cve: "CVE-2020-10663", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10663", }, { cve: "CVE-2020-10672", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10672", }, { cve: "CVE-2020-10673", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10673", }, { cve: "CVE-2020-10735", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10735", }, { cve: "CVE-2020-10968", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10968", }, { cve: "CVE-2020-10969", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-10969", }, { cve: "CVE-2020-11111", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11111", }, { cve: "CVE-2020-11112", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11112", }, { cve: "CVE-2020-11113", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11113", }, { cve: "CVE-2020-11612", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11612", }, { cve: "CVE-2020-11619", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11619", }, { cve: "CVE-2020-11620", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11620", }, { cve: "CVE-2020-11979", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-11979", }, { cve: "CVE-2020-12762", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-12762", }, { cve: "CVE-2020-12825", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-12825", }, { cve: "CVE-2020-13956", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-13956", }, { cve: "CVE-2020-14060", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-14060", }, { cve: "CVE-2020-14061", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-14061", }, { cve: "CVE-2020-14062", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-14062", }, { cve: "CVE-2020-14195", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-14195", }, { cve: "CVE-2020-15250", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-15250", }, { cve: "CVE-2020-1945", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-1945", }, { cve: "CVE-2020-1967", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-1967", }, { cve: "CVE-2020-1971", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-1971", }, { cve: "CVE-2020-24616", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-24616", }, { cve: "CVE-2020-24750", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-24750", }, { cve: "CVE-2020-25649", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-25649", }, { cve: "CVE-2020-25658", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-25658", }, { cve: "CVE-2020-26116", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-26116", }, { cve: "CVE-2020-26137", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-26137", }, { cve: "CVE-2020-26541", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-26541", }, { cve: "CVE-2020-27216", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-27216", }, { cve: "CVE-2020-27218", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-27218", }, { cve: "CVE-2020-27223", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-27223", }, { cve: "CVE-2020-28366", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-28366", }, { cve: "CVE-2020-28493", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-28493", }, { cve: "CVE-2020-29509", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-29509", }, { cve: "CVE-2020-29511", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-29511", }, { cve: "CVE-2020-29582", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-29582", }, { cve: "CVE-2020-29651", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-29651", }, { cve: "CVE-2020-35490", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-35490", }, { cve: "CVE-2020-35491", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-35491", }, { cve: "CVE-2020-35728", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-35728", }, { cve: "CVE-2020-36179", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36179", }, { cve: "CVE-2020-36180", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36180", }, { cve: "CVE-2020-36181", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36181", }, { cve: "CVE-2020-36182", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36182", }, { cve: "CVE-2020-36183", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36183", }, { cve: "CVE-2020-36184", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36184", }, { cve: "CVE-2020-36185", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36185", }, { cve: "CVE-2020-36186", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36186", }, { cve: "CVE-2020-36187", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36187", }, { cve: "CVE-2020-36188", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36188", }, { cve: "CVE-2020-36189", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36189", }, { cve: "CVE-2020-36516", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36516", }, { cve: "CVE-2020-36518", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36518", }, { cve: "CVE-2020-36557", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36557", }, { cve: "CVE-2020-36558", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36558", }, { cve: "CVE-2020-36691", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-36691", }, { cve: "CVE-2020-7238", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-7238", }, { cve: "CVE-2020-8840", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-8840", }, { cve: "CVE-2020-8908", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-8908", }, { cve: "CVE-2020-8911", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-8911", }, { cve: "CVE-2020-8912", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-8912", }, { cve: "CVE-2020-9488", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-9488", }, { cve: "CVE-2020-9493", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-9493", }, { cve: "CVE-2020-9546", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-9546", }, { cve: "CVE-2020-9547", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-9547", }, { cve: "CVE-2020-9548", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2020-9548", }, { cve: "CVE-2021-20190", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-20190", }, { cve: "CVE-2021-20323", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-20323", }, { cve: "CVE-2021-21290", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-21290", }, { cve: "CVE-2021-21295", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-21295", }, { cve: "CVE-2021-21409", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-21409", }, { cve: "CVE-2021-23840", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-23840", }, { cve: "CVE-2021-23841", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-23841", }, { cve: "CVE-2021-2471", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-2471", }, { cve: "CVE-2021-25642", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-25642", }, { cve: "CVE-2021-26341", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-26341", }, { cve: "CVE-2021-27918", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-27918", }, { cve: "CVE-2021-28153", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-28153", }, { cve: "CVE-2021-28165", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-28165", }, { cve: "CVE-2021-28169", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-28169", }, { cve: "CVE-2021-28861", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-28861", }, { cve: "CVE-2021-29425", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-29425", }, { cve: "CVE-2021-30560", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-30560", }, { cve: "CVE-2021-3114", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3114", }, { cve: "CVE-2021-33036", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33036", }, { cve: "CVE-2021-33194", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33194", }, { cve: "CVE-2021-33195", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33195", }, { cve: "CVE-2021-33196", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33196", }, { cve: "CVE-2021-33197", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33197", }, { cve: "CVE-2021-33503", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33503", }, { cve: "CVE-2021-33655", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33655", }, { cve: "CVE-2021-33656", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-33656", }, { cve: "CVE-2021-3424", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3424", }, { cve: "CVE-2021-34428", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-34428", }, { cve: "CVE-2021-3449", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3449", }, { cve: "CVE-2021-3450", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3450", }, { cve: "CVE-2021-3530", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3530", }, { cve: "CVE-2021-36221", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-36221", }, { cve: "CVE-2021-36373", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-36373", }, { cve: "CVE-2021-36374", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-36374", }, { cve: "CVE-2021-3648", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3648", }, { cve: "CVE-2021-36690", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-36690", }, { cve: "CVE-2021-3711", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3711", }, { cve: "CVE-2021-3712", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3712", }, { cve: "CVE-2021-37136", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-37136", }, { cve: "CVE-2021-37137", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-37137", }, { cve: "CVE-2021-37404", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-37404", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2021-3754", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3754", }, { cve: "CVE-2021-3778", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3778", }, { cve: "CVE-2021-3796", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3796", }, { cve: "CVE-2021-3826", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3826", }, { cve: "CVE-2021-3827", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3827", }, { cve: "CVE-2021-38297", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-38297", }, { cve: "CVE-2021-3872", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3872", }, { cve: "CVE-2021-3875", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3875", }, { cve: "CVE-2021-3903", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3903", }, { cve: "CVE-2021-3923", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3923", }, { cve: "CVE-2021-3927", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3927", }, { cve: "CVE-2021-3928", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3928", }, { cve: "CVE-2021-3968", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3968", }, { cve: "CVE-2021-3973", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3973", }, { cve: "CVE-2021-3974", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3974", }, { cve: "CVE-2021-3984", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-3984", }, { cve: "CVE-2021-4019", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4019", }, { cve: "CVE-2021-4037", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4037", }, { cve: "CVE-2021-4069", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4069", }, { cve: "CVE-2021-4104", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4104", }, { cve: "CVE-2021-4136", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4136", }, { cve: "CVE-2021-4157", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4157", }, { cve: "CVE-2021-4166", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4166", }, { cve: "CVE-2021-41771", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-41771", }, { cve: "CVE-2021-4192", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4192", }, { cve: "CVE-2021-4193", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4193", }, { cve: "CVE-2021-4203", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-4203", }, { cve: "CVE-2021-42567", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-42567", }, { cve: "CVE-2021-43797", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-43797", }, { cve: "CVE-2021-44531", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-44531", }, { cve: "CVE-2021-44532", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-44532", }, { cve: "CVE-2021-44533", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-44533", }, { cve: "CVE-2021-44716", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-44716", }, { cve: "CVE-2021-44878", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-44878", }, { cve: "CVE-2021-45078", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-45078", }, { cve: "CVE-2021-46195", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-46195", }, { cve: "CVE-2021-46828", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-46828", }, { cve: "CVE-2021-46848", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2021-46848", }, { cve: "CVE-2022-0128", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0128", }, { cve: "CVE-2022-0213", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0213", }, { cve: "CVE-2022-0225", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0225", }, { cve: "CVE-2022-0261", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0261", }, { cve: "CVE-2022-0318", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0318", }, { cve: "CVE-2022-0319", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0319", }, { cve: "CVE-2022-0351", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0351", }, { cve: "CVE-2022-0359", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0359", }, { cve: "CVE-2022-0361", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0361", }, { cve: "CVE-2022-0392", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0392", }, { cve: "CVE-2022-0407", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0407", }, { cve: "CVE-2022-0413", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0413", }, { cve: "CVE-2022-0561", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0561", }, { cve: "CVE-2022-0696", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0696", }, { cve: "CVE-2022-0778", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-0778", }, { cve: "CVE-2022-1184", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1184", }, { cve: "CVE-2022-1245", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1245", }, { cve: "CVE-2022-1271", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1271", }, { cve: "CVE-2022-1292", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1292", }, { cve: "CVE-2022-1381", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1381", }, { cve: "CVE-2022-1420", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1420", }, { cve: "CVE-2022-1462", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1462", }, { cve: "CVE-2022-1466", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1466", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1471", }, { cve: "CVE-2022-1586", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1586", }, { cve: "CVE-2022-1587", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1587", }, { cve: "CVE-2022-1616", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1616", }, { cve: "CVE-2022-1619", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1619", }, { cve: "CVE-2022-1620", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1620", }, { cve: "CVE-2022-1679", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1679", }, { cve: "CVE-2022-1705", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1705", }, { cve: "CVE-2022-1720", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1720", }, { cve: "CVE-2022-1729", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1729", }, { cve: "CVE-2022-1733", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1733", }, { cve: "CVE-2022-1735", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1735", }, { cve: "CVE-2022-1771", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1771", }, { cve: "CVE-2022-1785", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1785", }, { cve: "CVE-2022-1796", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1796", }, { cve: "CVE-2022-1851", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1851", }, { cve: "CVE-2022-1897", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1897", }, { cve: "CVE-2022-1898", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1898", }, { cve: "CVE-2022-1927", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1927", }, { cve: "CVE-2022-1962", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1962", }, { cve: "CVE-2022-1968", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1968", }, { cve: "CVE-2022-1974", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1974", }, { cve: "CVE-2022-1975", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-1975", }, { cve: "CVE-2022-20132", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20132", }, { cve: "CVE-2022-20141", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20141", }, { cve: "CVE-2022-20154", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20154", }, { cve: "CVE-2022-20166", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20166", }, { cve: "CVE-2022-20368", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20368", }, { cve: "CVE-2022-20369", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20369", }, { cve: "CVE-2022-2047", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2047", }, { cve: "CVE-2022-2048", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2048", }, { cve: "CVE-2022-20567", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-20567", }, { cve: "CVE-2022-2068", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2068", }, { cve: "CVE-2022-2097", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2097", }, { cve: "CVE-2022-21216", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21216", }, { cve: "CVE-2022-21233", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21233", }, { cve: "CVE-2022-2124", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2124", }, { cve: "CVE-2022-2125", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2125", }, { cve: "CVE-2022-2126", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2126", }, { cve: "CVE-2022-2129", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2129", }, { cve: "CVE-2022-21363", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21363", }, { cve: "CVE-2022-21385", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21385", }, { cve: "CVE-2022-21499", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21499", }, { cve: "CVE-2022-2153", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2153", }, { cve: "CVE-2022-21540", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21540", }, { cve: "CVE-2022-21541", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21541", }, { cve: "CVE-2022-21549", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21549", }, { cve: "CVE-2022-21618", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21618", }, { cve: "CVE-2022-21619", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21619", }, { cve: "CVE-2022-21624", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21624", }, { cve: "CVE-2022-21626", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21626", }, { cve: "CVE-2022-21628", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21628", }, { cve: "CVE-2022-21702", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-21702", }, { cve: "CVE-2022-2175", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2175", }, { cve: "CVE-2022-2182", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2182", }, { cve: "CVE-2022-2183", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2183", }, { cve: "CVE-2022-2206", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2206", }, { cve: "CVE-2022-2207", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2207", }, { cve: "CVE-2022-2208", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2208", }, { cve: "CVE-2022-2210", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2210", }, { cve: "CVE-2022-2231", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2231", }, { cve: "CVE-2022-2256", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2256", }, { cve: "CVE-2022-2257", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2257", }, { cve: "CVE-2022-2264", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2264", }, { cve: "CVE-2022-2284", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2284", }, { cve: "CVE-2022-2285", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2285", }, { cve: "CVE-2022-2286", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2286", }, { cve: "CVE-2022-2287", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2287", }, { cve: "CVE-2022-22976", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-22976", }, { cve: "CVE-2022-22978", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-22978", }, { cve: "CVE-2022-2304", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2304", }, { cve: "CVE-2022-2318", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2318", }, { cve: "CVE-2022-23302", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23302", }, { cve: "CVE-2022-23305", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23305", }, { cve: "CVE-2022-23307", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23307", }, { cve: "CVE-2022-2343", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2343", }, { cve: "CVE-2022-2344", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2344", }, { cve: "CVE-2022-2345", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2345", }, { cve: "CVE-2022-23471", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23471", }, { cve: "CVE-2022-23521", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23521", }, { cve: "CVE-2022-23772", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23772", }, { cve: "CVE-2022-23773", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-23773", }, { cve: "CVE-2022-24302", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-24302", }, { cve: "CVE-2022-24329", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-24329", }, { cve: "CVE-2022-24823", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-24823", }, { cve: "CVE-2022-24903", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-24903", }, { cve: "CVE-2022-2503", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2503", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-25168", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-25168", }, { cve: "CVE-2022-2519", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2519", }, { cve: "CVE-2022-2520", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2520", }, { cve: "CVE-2022-2521", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2521", }, { cve: "CVE-2022-2522", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2522", }, { cve: "CVE-2022-25647", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-25647", }, { cve: "CVE-2022-2571", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2571", }, { cve: "CVE-2022-2580", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2580", }, { cve: "CVE-2022-2581", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2581", }, { cve: "CVE-2022-25857", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-25857", }, { cve: "CVE-2022-2588", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2588", }, { cve: "CVE-2022-2598", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2598", }, { cve: "CVE-2022-26148", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-26148", }, { cve: "CVE-2022-26365", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-26365", }, { cve: "CVE-2022-26373", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-26373", }, { cve: "CVE-2022-2639", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2639", }, { cve: "CVE-2022-26612", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-26612", }, { cve: "CVE-2022-2663", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2663", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-27943", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-27943", }, { cve: "CVE-2022-2795", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2795", }, { cve: "CVE-2022-28131", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-28131", }, { cve: "CVE-2022-2816", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2816", }, { cve: "CVE-2022-2817", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2817", }, { cve: "CVE-2022-2819", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2819", }, { cve: "CVE-2022-28327", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-28327", }, { cve: "CVE-2022-2845", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2845", }, { cve: "CVE-2022-2849", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2849", }, { cve: "CVE-2022-2862", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2862", }, { cve: "CVE-2022-2867", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2867", }, { cve: "CVE-2022-2868", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2868", }, { cve: "CVE-2022-2869", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2869", }, { cve: "CVE-2022-28693", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-28693", }, { cve: "CVE-2022-2874", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2874", }, { cve: "CVE-2022-28748", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-28748", }, { cve: "CVE-2022-2880", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2880", }, { cve: "CVE-2022-2889", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2889", }, { cve: "CVE-2022-29162", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29162", }, { cve: "CVE-2022-29187", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29187", }, { cve: "CVE-2022-2923", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2923", }, { cve: "CVE-2022-2946", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2946", }, { cve: "CVE-2022-29526", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29526", }, { cve: "CVE-2022-29583", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29583", }, { cve: "CVE-2022-2964", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2964", }, { cve: "CVE-2022-2977", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2977", }, { cve: "CVE-2022-2980", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2980", }, { cve: "CVE-2022-2982", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2982", }, { cve: "CVE-2022-29900", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29900", }, { cve: "CVE-2022-29901", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-29901", }, { cve: "CVE-2022-2991", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-2991", }, { cve: "CVE-2022-3016", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3016", }, { cve: "CVE-2022-3028", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3028", }, { cve: "CVE-2022-3037", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3037", }, { cve: "CVE-2022-30580", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-30580", }, { cve: "CVE-2022-30630", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-30630", }, { cve: "CVE-2022-30631", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-30631", }, { cve: "CVE-2022-30632", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-30632", }, { cve: "CVE-2022-30633", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-30633", }, { cve: "CVE-2022-3099", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3099", }, { cve: "CVE-2022-31030", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-31030", }, { cve: "CVE-2022-31159", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-31159", }, { cve: "CVE-2022-3134", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3134", }, { cve: "CVE-2022-3153", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3153", }, { cve: "CVE-2022-3169", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3169", }, { cve: "CVE-2022-31690", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-31690", }, { cve: "CVE-2022-32148", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-32148", }, { cve: "CVE-2022-32149", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-32149", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-3234", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3234", }, { cve: "CVE-2022-3235", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3235", }, { cve: "CVE-2022-3239", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3239", }, { cve: "CVE-2022-3278", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3278", }, { cve: "CVE-2022-3296", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3296", }, { cve: "CVE-2022-3297", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3297", }, { cve: "CVE-2022-33196", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33196", }, { cve: "CVE-2022-3324", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3324", }, { cve: "CVE-2022-3352", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3352", }, { cve: "CVE-2022-33740", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33740", }, { cve: "CVE-2022-33741", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33741", }, { cve: "CVE-2022-33742", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33742", }, { cve: "CVE-2022-33972", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33972", }, { cve: "CVE-2022-33981", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-33981", }, { cve: "CVE-2022-34169", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-34169", }, { cve: "CVE-2022-3424", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3424", }, { cve: "CVE-2022-34266", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-34266", }, { cve: "CVE-2022-34526", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-34526", }, { cve: "CVE-2022-34903", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-34903", }, { cve: "CVE-2022-3491", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3491", }, { cve: "CVE-2022-3515", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3515", }, { cve: "CVE-2022-3520", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3520", }, { cve: "CVE-2022-3521", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3521", }, { cve: "CVE-2022-3524", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3524", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-3542", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3542", }, { cve: "CVE-2022-3545", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3545", }, { cve: "CVE-2022-3564", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3564", }, { cve: "CVE-2022-3565", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3565", }, { cve: "CVE-2022-3566", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3566", }, { cve: "CVE-2022-3567", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3567", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-3586", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3586", }, { cve: "CVE-2022-3591", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3591", }, { cve: "CVE-2022-3594", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3594", }, { cve: "CVE-2022-3597", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3597", }, { cve: "CVE-2022-3599", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3599", }, { cve: "CVE-2022-36109", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36109", }, { cve: "CVE-2022-3621", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3621", }, { cve: "CVE-2022-3626", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3626", }, { cve: "CVE-2022-3627", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3627", }, { cve: "CVE-2022-3628", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3628", }, { cve: "CVE-2022-36280", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36280", }, { cve: "CVE-2022-3629", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3629", }, { cve: "CVE-2022-3635", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3635", }, { cve: "CVE-2022-3643", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3643", }, { cve: "CVE-2022-36437", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36437", }, { cve: "CVE-2022-3646", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3646", }, { cve: "CVE-2022-3649", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3649", }, { cve: "CVE-2022-36760", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36760", }, { cve: "CVE-2022-36879", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36879", }, { cve: "CVE-2022-36946", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-36946", }, { cve: "CVE-2022-3705", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3705", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-37436", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-37436", }, { cve: "CVE-2022-37865", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-37865", }, { cve: "CVE-2022-37866", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-37866", }, { cve: "CVE-2022-38090", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38090", }, { cve: "CVE-2022-38096", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38096", }, { cve: "CVE-2022-38126", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38126", }, { cve: "CVE-2022-38127", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38127", }, { cve: "CVE-2022-38177", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38177", }, { cve: "CVE-2022-38178", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38178", }, { cve: "CVE-2022-3821", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3821", }, { cve: "CVE-2022-38533", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38533", }, { cve: "CVE-2022-38749", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38749", }, { cve: "CVE-2022-38750", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38750", }, { cve: "CVE-2022-38751", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38751", }, { cve: "CVE-2022-38752", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-38752", }, { cve: "CVE-2022-39028", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-39028", }, { cve: "CVE-2022-3903", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3903", }, { cve: "CVE-2022-39188", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-39188", }, { cve: "CVE-2022-39399", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-39399", }, { cve: "CVE-2022-3970", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-3970", }, { cve: "CVE-2022-40149", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40149", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-40151", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40151", }, { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-40153", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40153", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40307", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40307", }, { cve: "CVE-2022-40674", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40674", }, { cve: "CVE-2022-40768", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40768", }, { cve: "CVE-2022-40899", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-40899", }, { cve: "CVE-2022-4095", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4095", }, { cve: "CVE-2022-41218", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41218", }, { cve: "CVE-2022-4129", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4129", }, { cve: "CVE-2022-4141", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4141", }, { cve: "CVE-2022-41717", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41717", }, { cve: "CVE-2022-41721", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41721", }, { cve: "CVE-2022-41848", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41848", }, { cve: "CVE-2022-41850", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41850", }, { cve: "CVE-2022-41854", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41854", }, { cve: "CVE-2022-41858", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41858", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-41903", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41903", }, { cve: "CVE-2022-41915", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41915", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41974", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-41974", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-42010", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42010", }, { cve: "CVE-2022-42011", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42011", }, { cve: "CVE-2022-42012", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42012", }, { cve: "CVE-2022-42328", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42328", }, { cve: "CVE-2022-42329", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42329", }, { cve: "CVE-2022-42703", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42703", }, { cve: "CVE-2022-42889", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42889", }, { cve: "CVE-2022-42895", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42895", }, { cve: "CVE-2022-42896", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42896", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-4292", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4292", }, { cve: "CVE-2022-4293", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4293", }, { cve: "CVE-2022-42969", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-42969", }, { cve: "CVE-2022-4304", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4304", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-43680", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-43680", }, { cve: "CVE-2022-43750", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-43750", }, { cve: "CVE-2022-4378", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4378", }, { cve: "CVE-2022-43945", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-43945", }, { cve: "CVE-2022-43995", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-43995", }, { cve: "CVE-2022-4415", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4415", }, { cve: "CVE-2022-4450", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4450", }, { cve: "CVE-2022-44638", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-44638", }, { cve: "CVE-2022-45061", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45061", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2022-45884", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45884", }, { cve: "CVE-2022-45885", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45885", }, { cve: "CVE-2022-45886", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45886", }, { cve: "CVE-2022-45887", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45887", }, { cve: "CVE-2022-45919", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45919", }, { cve: "CVE-2022-45934", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45934", }, { cve: "CVE-2022-45939", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-45939", }, { cve: "CVE-2022-4662", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-4662", }, { cve: "CVE-2022-46751", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-46751", }, { cve: "CVE-2022-46908", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-46908", }, { cve: "CVE-2022-47629", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-47629", }, { cve: "CVE-2022-47929", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-47929", }, { cve: "CVE-2022-48281", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-48281", }, { cve: "CVE-2022-48337", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-48337", }, { cve: "CVE-2022-48339", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2022-48339", }, { cve: "CVE-2023-0045", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0045", }, { cve: "CVE-2023-0049", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0049", }, { cve: "CVE-2023-0051", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0051", }, { cve: "CVE-2023-0054", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0054", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2023-0288", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0288", }, { cve: "CVE-2023-0433", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0433", }, { cve: "CVE-2023-0464", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0464", }, { cve: "CVE-2023-0465", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0465", }, { cve: "CVE-2023-0466", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0466", }, { cve: "CVE-2023-0512", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0512", }, { cve: "CVE-2023-0590", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0590", }, { cve: "CVE-2023-0597", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0597", }, { cve: "CVE-2023-0833", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-0833", }, { cve: "CVE-2023-1076", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1076", }, { cve: "CVE-2023-1095", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1095", }, { cve: "CVE-2023-1118", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1118", }, { cve: "CVE-2023-1127", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1127", }, { cve: "CVE-2023-1170", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1170", }, { cve: "CVE-2023-1175", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1175", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2023-1380", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1380", }, { cve: "CVE-2023-1390", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1390", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1513", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1513", }, { cve: "CVE-2023-1611", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1611", }, { cve: "CVE-2023-1670", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1670", }, { cve: "CVE-2023-1855", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1855", }, { cve: "CVE-2023-1989", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1989", }, { cve: "CVE-2023-1990", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1990", }, { cve: "CVE-2023-1998", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-1998", }, { cve: "CVE-2023-20862", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-20862", }, { cve: "CVE-2023-2124", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2124", }, { cve: "CVE-2023-2162", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2162", }, { cve: "CVE-2023-2176", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2176", }, { cve: "CVE-2023-21830", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21830", }, { cve: "CVE-2023-21835", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21835", }, { cve: "CVE-2023-21843", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21843", }, { cve: "CVE-2023-21930", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21930", }, { cve: "CVE-2023-21937", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21939", }, { cve: "CVE-2023-2194", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2194", }, { cve: "CVE-2023-21954", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21954", }, { cve: "CVE-2023-21967", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-21968", }, { cve: "CVE-2023-22490", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-22490", }, { cve: "CVE-2023-2253", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2253", }, { cve: "CVE-2023-22809", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-22809", }, { cve: "CVE-2023-23454", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-23454", }, { cve: "CVE-2023-23455", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-23455", }, { cve: "CVE-2023-23559", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-23559", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-23946", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-23946", }, { cve: "CVE-2023-24329", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-24329", }, { cve: "CVE-2023-24532", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-24532", }, { cve: "CVE-2023-24534", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-24534", }, { cve: "CVE-2023-2483", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2483", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-2513", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2513", }, { cve: "CVE-2023-25193", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-25193", }, { cve: "CVE-2023-25652", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-25652", }, { cve: "CVE-2023-25690", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-25690", }, { cve: "CVE-2023-25809", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-25809", }, { cve: "CVE-2023-25815", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-25815", }, { cve: "CVE-2023-26048", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-26048", }, { cve: "CVE-2023-26049", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-26049", }, { cve: "CVE-2023-2650", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2650", }, { cve: "CVE-2023-26545", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-26545", }, { cve: "CVE-2023-26604", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-26604", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27538", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-27561", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-27561", }, { cve: "CVE-2023-2828", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2828", }, { cve: "CVE-2023-28320", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28320", }, { cve: "CVE-2023-28321", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28321", }, { cve: "CVE-2023-28322", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28322", }, { cve: "CVE-2023-28328", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28328", }, { cve: "CVE-2023-28464", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28464", }, { cve: "CVE-2023-28486", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28486", }, { cve: "CVE-2023-28487", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28487", }, { cve: "CVE-2023-28642", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28642", }, { cve: "CVE-2023-28772", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28772", }, { cve: "CVE-2023-28840", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28840", }, { cve: "CVE-2023-28841", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28841", }, { cve: "CVE-2023-28842", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-28842", }, { cve: "CVE-2023-29007", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-29007", }, { cve: "CVE-2023-29383", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-29383", }, { cve: "CVE-2023-29402", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-29402", }, { cve: "CVE-2023-29406", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-29406", }, { cve: "CVE-2023-29409", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-29409", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-30630", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-30630", }, { cve: "CVE-2023-30772", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-30772", }, { cve: "CVE-2023-31084", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-31084", }, { cve: "CVE-2023-3138", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-3138", }, { cve: "CVE-2023-31436", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-31436", }, { cve: "CVE-2023-31484", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-31484", }, { cve: "CVE-2023-32269", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-32269", }, { cve: "CVE-2023-32697", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-32697", }, { cve: "CVE-2023-33264", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-33264", }, { cve: "CVE-2023-34034", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34034", }, { cve: "CVE-2023-34035", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34035", }, { cve: "CVE-2023-34453", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34453", }, { cve: "CVE-2023-34454", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34454", }, { cve: "CVE-2023-34455", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34455", }, { cve: "CVE-2023-34462", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-34462", }, { cve: "CVE-2023-35116", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-35116", }, { cve: "CVE-2023-3635", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-3635", }, { cve: "CVE-2023-36479", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-36479", }, { cve: "CVE-2023-39533", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-39533", }, { cve: "CVE-2023-40167", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-40167", }, { cve: "CVE-2023-40217", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-40217", }, { cve: "CVE-2023-41105", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-41105", }, { cve: "CVE-2023-41900", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-41900", }, { cve: "CVE-2023-43642", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-43642", }, { cve: "CVE-2023-43804", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-43804", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-45803", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2023-45803", }, { cve: "CVE-2024-21626", notes: [ { category: "description", text: "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T033919", ], }, release_date: "2024-04-04T22:00:00.000+00:00", title: "CVE-2024-21626", }, ], }
WID-SEC-W-2024-0125
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Enterprise Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle für Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle für Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0125 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0125.json", }, { category: "self", summary: "WID-SEC-2024-0125 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0125", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Enterprise Manager vom 2024-01-16", url: "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEM", }, ], source_lang: "en-US", title: "Oracle Enterprise Manager: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-16T23:00:00.000+00:00", generator: { date: "2024-08-15T18:03:50.727+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0125", initial_release_date: "2024-01-16T23:00:00.000+00:00", revision_history: [ { date: "2024-01-16T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Enterprise Manager 12.4.0.0", product: { name: "Oracle Enterprise Manager 12.4.0.0", product_id: "T018973", product_identification_helper: { cpe: "cpe:/a:oracle:enterprise_manager:12.4.0.0", }, }, }, { category: "product_name", name: "Oracle Enterprise Manager 13.3.0.1", product: { name: "Oracle Enterprise Manager 13.3.0.1", product_id: "T018974", product_identification_helper: { cpe: "cpe:/a:oracle:enterprise_manager:13.3.0.1", }, }, }, { category: "product_name", name: "Oracle Enterprise Manager 13.5.0.0", product: { name: "Oracle Enterprise Manager 13.5.0.0", product_id: "T020692", product_identification_helper: { cpe: "cpe:/a:oracle:enterprise_manager:13.5.0.0", }, }, }, ], category: "product_name", name: "Enterprise Manager", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2024-20917", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2024-20917", }, { cve: "CVE-2024-20916", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2024-20916", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-2618", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-2618", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-42003", }, ], }
wid-sec-w-2024-0116
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Siebel CRM: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Siebel CRM ist eine CRM-Lösung von Oracle.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Siebel CRM ausnutzen, um die Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Siebel CRM ist eine CRM-Lösung von Oracle.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Siebel CRM ausnutzen, um die Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0116 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0116.json", }, { category: "self", summary: "WID-SEC-2024-0116 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0116", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Siebel CRM vom 2024-01-16", url: "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixSECR", }, ], source_lang: "en-US", title: "Oracle Siebel CRM: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-16T23:00:00.000+00:00", generator: { date: "2024-08-15T18:03:46.701+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0116", initial_release_date: "2024-01-16T23:00:00.000+00:00", revision_history: [ { date: "2024-01-16T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Siebel CRM < 23.8", product: { name: "Oracle Siebel CRM < 23.8", product_id: "T030617", product_identification_helper: { cpe: "cpe:/a:oracle:siebel_crm:23.8", }, }, }, { category: "product_name", name: "Oracle Siebel CRM < 23.12", product: { name: "Oracle Siebel CRM < 23.12", product_id: "T032128", product_identification_helper: { cpe: "cpe:/a:oracle:siebel_crm:23.12", }, }, }, ], category: "product_name", name: "Siebel CRM", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Oracle Siebel CRM existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Siebel CRM existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-1436", }, ], }
wid-sec-w-2024-0888
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-04-16 22:00
Summary
Oracle Systems: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Systems umfasst eine Sammlung von Hardware, Betriebssystemen, Servern und Anwendungen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Oracle Systems ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Systems umfasst eine Sammlung von Hardware, Betriebssystemen, Servern und Anwendungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Oracle Systems ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0888 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0888.json", }, { category: "self", summary: "WID-SEC-2024-0888 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0888", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Systems vom 2024-04-16", url: "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixSUNS", }, ], source_lang: "en-US", title: "Oracle Systems: Mehrere Schwachstellen", tracking: { current_release_date: "2024-04-16T22:00:00.000+00:00", generator: { date: "2024-08-15T18:07:45.335+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0888", initial_release_date: "2024-04-16T22:00:00.000+00:00", revision_history: [ { date: "2024-04-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "8.8", product: { name: "Oracle Systems 8.8", product_id: "T019057", product_identification_helper: { cpe: "cpe:/a:oracle:systems:8.8", }, }, }, { category: "product_version", name: "11", product: { name: "Oracle Systems 11", product_id: "T019059", product_identification_helper: { cpe: "cpe:/a:oracle:systems:11", }, }, }, { category: "product_version", name: "4", product: { name: "Oracle Systems 4", product_id: "T022889", product_identification_helper: { cpe: "cpe:/a:oracle:systems:4", }, }, }, { category: "product_version", name: "2.5", product: { name: "Oracle Systems 2.5", product_id: "T034196", product_identification_helper: { cpe: "cpe:/a:oracle:systems:2.5", }, }, }, ], category: "product_name", name: "Systems", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2020-35168", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2020-35168", }, { cve: "CVE-2021-36374", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2021-36374", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2022-24839", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-24839", }, { cve: "CVE-2022-34381", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-34381", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-42920", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-42920", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2024-20999", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-20999", }, { cve: "CVE-2024-21059", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-21059", }, { cve: "CVE-2024-21104", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-21104", }, { cve: "CVE-2024-21105", notes: [ { category: "description", text: "In Oracle Systems existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T019059", "T022889", "T034196", "T019057", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-21105", }, ], }
wid-sec-w-2024-0124
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0124 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0124.json", }, { category: "self", summary: "WID-SEC-2024-0124 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0124", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Financial Services Applications vom 2024-01-16", url: "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixIFLX", }, ], source_lang: "en-US", title: "Oracle Financial Services Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-16T23:00:00.000+00:00", generator: { date: "2024-08-15T18:03:50.294+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0124", initial_release_date: "2024-01-16T23:00:00.000+00:00", revision_history: [ { date: "2024-01-16T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Financial Services Applications 2.7.1", product: { name: "Oracle Financial Services Applications 2.7.1", product_id: "T018979", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.7.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.8.0", product: { name: "Oracle Financial Services Applications 2.8.0", product_id: "T018980", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.8.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.9.0", product: { name: "Oracle Financial Services Applications 2.9.0", product_id: "T018981", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.9.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.0", product: { name: "Oracle Financial Services Applications 8.1.0", product_id: "T018983", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.9", product: { name: "Oracle Financial Services Applications 8.0.9", product_id: "T019890", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.9", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.1", product: { name: "Oracle Financial Services Applications 8.1.1", product_id: "T019891", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.7", product: { name: "Oracle Financial Services Applications 8.0.7", product_id: "T021676", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.7", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8", product: { name: "Oracle Financial Services Applications 8.0.8", product_id: "T021677", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.1.1", product: { name: "Oracle Financial Services Applications 8.1.1.1", product_id: "T022835", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8.1", product: { name: "Oracle Financial Services Applications 8.0.8.1", product_id: "T022844", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8.2", product: { name: "Oracle Financial Services Applications 8.0.8.2", product_id: "T024990", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.9.1", product: { name: "Oracle Financial Services Applications 2.9.1", product_id: "T027359", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.9.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2", product: { name: "Oracle Financial Services Applications 8.1.2", product_id: "T028705", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.5", product: { name: "Oracle Financial Services Applications 8.1.2.5", product_id: "T028706", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.5", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 14.7.0", product: { name: "Oracle Financial Services Applications <= 14.7.0", product_id: "T028707", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.1.0", product: { name: "Oracle Financial Services Applications 22.1.0", product_id: "T032101", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.2.0", product: { name: "Oracle Financial Services Applications 22.2.0", product_id: "T032102", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.2.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 21.1.0", product: { name: "Oracle Financial Services Applications 21.1.0", product_id: "T032103", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:21.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.6", product: { name: "Oracle Financial Services Applications 8.1.2.6", product_id: "T032104", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.6", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 19.1.0", product: { name: "Oracle Financial Services Applications 19.1.0", product_id: "T032105", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 5.0.0", product: { name: "Oracle Financial Services Applications 5.0.0", product_id: "T032106", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:5.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 5.1.0", product: { name: "Oracle Financial Services Applications 5.1.0", product_id: "T032107", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:5.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 3.2.0", product: { name: "Oracle Financial Services Applications <= 3.2.0", product_id: "T032108", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:3.2.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 4.0.0", product: { name: "Oracle Financial Services Applications 4.0.0", product_id: "T032109", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:4.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 6.0.0", product: { name: "Oracle Financial Services Applications 6.0.0", product_id: "T032110", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:6.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.0.3.0", product: { name: "Oracle Financial Services Applications 14.7.0.3.0", product_id: "T032111", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.3.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 3.0.0", product: { name: "Oracle Financial Services Applications 3.0.0", product_id: "T032112", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:3.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 3.1.0", product: { name: "Oracle Financial Services Applications 3.1.0", product_id: "T032113", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:3.1.0", }, }, }, ], category: "product_name", name: "Financial Services Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5072", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-5072", }, { cve: "CVE-2023-46604", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-46604", }, { cve: "CVE-2023-44483", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-44483", }, { cve: "CVE-2023-42503", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-42503", }, { cve: "CVE-2023-34034", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-34034", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-2618", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-2618", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-21901", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-21901", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2022-44729", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-44729", }, { cve: "CVE-2022-42920", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-42920", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-36944", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-36944", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-34169", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-34169", }, { cve: "CVE-2022-31692", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-31692", }, { cve: "CVE-2022-31160", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-31160", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-22979", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-22979", }, { cve: "CVE-2022-22969", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-22969", }, { cve: "CVE-2020-5410", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2020-5410", }, { cve: "CVE-2020-15250", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990", ], last_affected: [ "T028707", "T032108", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2020-15250", }, ], }
wid-sec-w-2023-1813
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
Oracle Communications Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1813 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1813.json", }, { category: "self", summary: "WID-SEC-2023-1813 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1813", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Communications Applications vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixCAGBU", }, ], source_lang: "en-US", title: "Oracle Communications Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:53.359+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1813", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Communications Applications 7.3.5", product: { name: "Oracle Communications Applications 7.3.5", product_id: "T018937", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.3.5", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.0", product: { name: "Oracle Communications Applications 7.4.0", product_id: "T018938", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.1", product: { name: "Oracle Communications Applications 7.4.1", product_id: "T018939", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 7.4.2", product: { name: "Oracle Communications Applications <= 7.4.2", product_id: "T018940", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.2", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.5.0", product: { name: "Oracle Communications Applications 7.5.0", product_id: "T021639", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.5.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.0.6.0", product: { name: "Oracle Communications Applications <= 12.0.0.6.0", product_id: "T023905", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.0.6.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.0.7.0", product: { name: "Oracle Communications Applications <= 12.0.0.7.0", product_id: "T024968", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 8.0.0.7.0", product: { name: "Oracle Communications Applications <= 8.0.0.7.0", product_id: "T025860", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 6.0.2", product: { name: "Oracle Communications Applications <= 6.0.2", product_id: "T027323", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:6.0.2", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.6.0.0", product: { name: "Oracle Communications Applications <= 12.0.6.0.0", product_id: "T027325", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.6.0.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.0.8.0", product: { name: "Oracle Communications Applications <= 12.0.0.8.0", product_id: "T028669", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.0.8.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 3.0.3.2", product: { name: "Oracle Communications Applications 3.0.3.2", product_id: "T028670", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:3.0.3.2", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.1.0.21.0", product: { name: "Oracle Communications Applications 8.1.0.21.0", product_id: "T028671", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.1.0.21.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 5.5.17", product: { name: "Oracle Communications Applications <= 5.5.17", product_id: "T028672", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:5.5.17", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 8.0.0.8.0", product: { name: "Oracle Communications Applications <= 8.0.0.8.0", product_id: "T028673", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.8.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 10.0.1.7.0", product: { name: "Oracle Communications Applications 10.0.1.7.0", product_id: "T028674", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:10.0.1.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 5.5.16", product: { name: "Oracle Communications Applications <= 5.5.16", product_id: "T028675", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:5.5.16", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.0.7.0", product: { name: "Oracle Communications Applications 7.4.0.7.0", product_id: "T028676", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.1.5.0", product: { name: "Oracle Communications Applications 7.4.1.5.0", product_id: "T028677", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.1.5.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.2.8.0", product: { name: "Oracle Communications Applications 7.4.2.8.0", product_id: "T028678", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.2.8.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.3.6.4", product: { name: "Oracle Communications Applications 7.3.6.4", product_id: "T028679", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.3.6.4", }, }, }, ], category: "product_name", name: "Communications Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-28709", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28709", }, { cve: "CVE-2023-25194", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-25194", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-21830", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-21830", }, { cve: "CVE-2023-20873", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20873", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20862", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20862", }, { cve: "CVE-2023-20861", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20861", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2022-46364", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-46364", }, { cve: "CVE-2022-46153", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-46153", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41915", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41915", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-3479", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-3479", }, { cve: "CVE-2022-31692", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-31692", }, { cve: "CVE-2022-23437", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-23437", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-1471", }, { cve: "CVE-2021-43859", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-43859", }, { cve: "CVE-2021-42575", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-42575", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2021-22569", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-22569", }, { cve: "CVE-2020-8908", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-8908", }, { cve: "CVE-2020-35169", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-35169", }, ], }
wid-sec-w-2024-0671
Vulnerability from csaf_certbund
Published
2024-03-19 23:00
Modified
2024-11-24 23:00
Summary
Atlassian Jira Software: Mehrere Schwachstellen ermöglichen Codeausführung und DoS
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Jira ist eine Webanwendung zur Softwareentwicklung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der Atlassian Jira Software ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Jira ist eine Webanwendung zur Softwareentwicklung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in der Atlassian Jira Software ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0671 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0671.json", }, { category: "self", summary: "WID-SEC-2024-0671 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0671", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-03-19", url: "https://confluence.atlassian.com/security/security-bulletin-march-19-2024-1369444862.html", }, ], source_lang: "en-US", title: "Atlassian Jira Software: Mehrere Schwachstellen ermöglichen Codeausführung und DoS", tracking: { current_release_date: "2024-11-24T23:00:00.000+00:00", generator: { date: "2024-11-25T09:15:33.636+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0671", initial_release_date: "2024-03-19T23:00:00.000+00:00", revision_history: [ { date: "2024-03-19T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-03-20T23:00:00.000+00:00", number: "2", summary: "CVSS korrigiert", }, { date: "2024-11-24T23:00:00.000+00:00", number: "3", summary: "Produktzuordnung überprüft", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "Data Center and Server <9.14.1", product: { name: "Atlassian Jira Software Data Center and Server <9.14.1", product_id: "T033559", }, }, { category: "product_version", name: "Data Center and Server 9.14.1", product: { name: "Atlassian Jira Software Data Center and Server 9.14.1", product_id: "T033559-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.14.1", }, }, }, { category: "product_version_range", name: "Data Center <9.14.0", product: { name: "Atlassian Jira Software Data Center <9.14.0", product_id: "T033561", }, }, { category: "product_version", name: "Data Center 9.14.0", product: { name: "Atlassian Jira Software Data Center 9.14.0", product_id: "T033561-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center__9.14.0", }, }, }, { category: "product_version_range", name: "Data Center and Server <9.13.1", product: { name: "Atlassian Jira Software Data Center and Server <9.13.1", product_id: "T033563", }, }, { category: "product_version", name: "Data Center and Server 9.13.1", product: { name: "Atlassian Jira Software Data Center and Server 9.13.1", product_id: "T033563-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.13.1", }, }, }, { category: "product_version_range", name: "Data Center and Server <9.12.5", product: { name: "Atlassian Jira Software Data Center and Server <9.12.5", product_id: "T033564", }, }, { category: "product_version", name: "Data Center and Server 9.12.5", product: { name: "Atlassian Jira Software Data Center and Server 9.12.5", product_id: "T033564-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.12.5", }, }, }, { category: "product_version_range", name: "Data Center and Server <9.4.18", product: { name: "Atlassian Jira Software Data Center and Server <9.4.18", product_id: "T033566", }, }, { category: "product_version", name: "Data Center and Server 9.4.18", product: { name: "Atlassian Jira Software Data Center and Server 9.4.18", product_id: "T033566-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:data_center_and_server__9.4.18", }, }, }, ], category: "product_name", name: "Jira Software", }, ], category: "vendor", name: "Atlassian", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24839", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-24839", }, { cve: "CVE-2022-28366", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-28366", }, { cve: "CVE-2022-29546", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-29546", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-34169", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-34169", }, { cve: "CVE-2022-3509", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-3509", }, { cve: "CVE-2022-40146", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-40146", }, { cve: "CVE-2022-40149", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-40149", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-41704", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-41704", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-45685", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-45685", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-34453", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-34453", }, { cve: "CVE-2023-34454", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-34454", }, { cve: "CVE-2023-34455", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-34455", }, { cve: "CVE-2023-39410", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-39410", }, { cve: "CVE-2023-43642", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-43642", }, { cve: "CVE-2023-5072", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Atlassian Jira Software. Diese Fehler bestehen in den Komponenten Data Center und Server und basieren auf Problemen mehrerer Dritthersteller. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.", }, ], product_status: { known_affected: [ "T033566", "T033559", "T033563", "T033564", "T033561", ], }, release_date: "2024-03-19T23:00:00.000+00:00", title: "CVE-2023-5072", }, ], }
WID-SEC-W-2024-0120
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle JD Edwards: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Komponenten der Oracle JDEdwards sind vollständig integrierte und komplette Lösungen geschäftlicher Anwendungen (ERP) für Unternehmen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle JD Edwards ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Die Komponenten der Oracle JDEdwards sind vollständig integrierte und komplette Lösungen geschäftlicher Anwendungen (ERP) für Unternehmen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle JD Edwards ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0120 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0120.json", }, { category: "self", summary: "WID-SEC-2024-0120 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0120", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle JD Edwards vom 2024-01-16", url: "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixJDE", }, ], source_lang: "en-US", title: "Oracle JD Edwards: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-16T23:00:00.000+00:00", generator: { date: "2024-08-15T18:03:47.894+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0120", initial_release_date: "2024-01-16T23:00:00.000+00:00", revision_history: [ { date: "2024-01-16T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle JD Edwards < 9.2.8.1", product: { name: "Oracle JD Edwards < 9.2.8.1", product_id: "T032147", product_identification_helper: { cpe: "cpe:/a:oracle:jd_edwards_enterpriseone:9.2.8.1", }, }, }, { category: "product_name", name: "Oracle JD Edwards < 9.2.8.0", product: { name: "Oracle JD Edwards < 9.2.8.0", product_id: "T032148", product_identification_helper: { cpe: "cpe:/a:oracle:jd_edwards_enterpriseone:9.2.8.0", }, }, }, ], category: "product_name", name: "JD Edwards", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2024-20957", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2024-20957", }, { cve: "CVE-2024-20937", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2024-20937", }, { cve: "CVE-2024-20905", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2024-20905", }, { cve: "CVE-2023-32002", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-32002", }, { cve: "CVE-2023-28756", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-28756", }, { cve: "CVE-2023-2650", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-2650", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-3479", notes: [ { category: "description", text: "In Oracle JD Edwards existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-3479", }, ], }
wid-sec-w-2023-1142
Vulnerability from csaf_certbund
Published
2023-05-03 22:00
Modified
2024-02-28 23:00
Summary
Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1142 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1142.json", }, { category: "self", summary: "WID-SEC-2023-1142 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1142", }, { category: "external", summary: "RedHat Security Advisory vom 2023-05-03", url: "https://access.redhat.com/errata/RHSA-2023:2100", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3179 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3179", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3193 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3193", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15", url: "https://access.redhat.com/errata/RHSA-2023:3622", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3667 vom 2023-06-19", url: "https://access.redhat.com/errata/RHSA-2023:3667", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3626 vom 2023-06-23", url: "https://access.redhat.com/errata/RHSA-2023:3626", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3625 vom 2023-06-23", url: "https://access.redhat.com/errata/RHSA-2023:3625", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3906 vom 2023-06-28", url: "https://access.redhat.com/errata/RHSA-2023:3906", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29", url: "https://access.redhat.com/errata/RHSA-2023:3954", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-2165 vom 2023-07-26", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-2165.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4506 vom 2023-08-07", url: "https://access.redhat.com/errata/RHSA-2023:4506", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4507 vom 2023-08-07", url: "https://access.redhat.com/errata/RHSA-2023:4507", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4505 vom 2023-08-07", url: "https://access.redhat.com/errata/RHSA-2023:4505", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4509 vom 2023-08-07", url: "https://access.redhat.com/errata/RHSA-2023:4509", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4612 vom 2023-08-16", url: "https://access.redhat.com/errata/RHSA-2023:4612", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4919 vom 2023-08-31", url: "https://access.redhat.com/errata/RHSA-2023:4919", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4921 vom 2023-08-31", url: "https://access.redhat.com/errata/RHSA-2023:4921", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4924 vom 2023-08-31", url: "https://access.redhat.com/errata/RHSA-2023:4924", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4918 vom 2023-08-31", url: "https://access.redhat.com/errata/RHSA-2023:4918", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4920 vom 2023-08-31", url: "https://access.redhat.com/errata/RHSA-2023:4920", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:7670 vom 2023-12-06", url: "https://access.redhat.com/errata/RHSA-2023:7670", }, { category: "external", summary: "Dell Security Advisory DSA-2023-300 vom 2023-12-22", url: "https://www.dell.com/support/kbdoc/000220649/dsa-2023-=", }, { category: "external", summary: "Dell Security Advisory DSA-2023-409 vom 2023-12-23", url: "https://www.dell.com/support/kbdoc/000220669/dsa-2023-=", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-1910 vom 2024-01-23", url: "https://alas.aws.amazon.com/ALAS-2024-1910.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28", url: "https://access.redhat.com/errata/RHSA-2024:1027", }, ], source_lang: "en-US", title: "Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen", tracking: { current_release_date: "2024-02-28T23:00:00.000+00:00", generator: { date: "2024-08-15T17:50:22.698+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1142", initial_release_date: "2023-05-03T22:00:00.000+00:00", revision_history: [ { date: "2023-05-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-05-18T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-15T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-19T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-25T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-28T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-29T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-07-25T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-08-07T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-08-16T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-08-31T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-12-06T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-12-21T23:00:00.000+00:00", number: "13", summary: "Neue Updates von Dell aufgenommen", }, { date: "2023-12-26T23:00:00.000+00:00", number: "14", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-01-22T23:00:00.000+00:00", number: "15", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-02-28T23:00:00.000+00:00", number: "16", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "16", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Dell NetWorker", product: { name: "Dell NetWorker", product_id: "T024663", product_identification_helper: { cpe: "cpe:/a:dell:networker:-", }, }, }, ], category: "vendor", name: "Dell", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version_range", name: "Integration Camel for Spring Boot < 3.20.1", product: { name: "Red Hat Enterprise Linux Integration Camel for Spring Boot < 3.20.1", product_id: "T027614", }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version", name: "Camel Extensions for Quarkus 1", product: { name: "Red Hat Integration Camel Extensions for Quarkus 1", product_id: "T026453", product_identification_helper: { cpe: "cpe:/a:redhat:integration:camel_extensions_for_quarkus_1", }, }, }, ], category: "product_name", name: "Integration", }, { branches: [ { category: "product_version_range", name: "Container Platform < 4.10.62", product: { name: "Red Hat OpenShift Container Platform < 4.10.62", product_id: "T028308", }, }, { category: "product_version", name: "Application Runtimes", product: { name: "Red Hat OpenShift Application Runtimes", product_id: "T029341", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:application_runtimes", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-22602", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-22602", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20861", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-20861", }, { cve: "CVE-2023-20860", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-20860", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2022-4492", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-4492", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-41854", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41854", }, { cve: "CVE-2022-41853", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41853", }, { cve: "CVE-2022-41852", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41852", }, { cve: "CVE-2022-41704", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-41704", }, { cve: "CVE-2022-40156", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-40156", }, { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-40151", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-40151", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-40146", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-40146", }, { cve: "CVE-2022-39368", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-39368", }, { cve: "CVE-2022-38752", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38752", }, { cve: "CVE-2022-38751", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38751", }, { cve: "CVE-2022-38750", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38750", }, { cve: "CVE-2022-38749", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38749", }, { cve: "CVE-2022-38648", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38648", }, { cve: "CVE-2022-38398", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-38398", }, { cve: "CVE-2022-37866", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-37866", }, { cve: "CVE-2022-37865", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-37865", }, { cve: "CVE-2022-33681", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-33681", }, { cve: "CVE-2022-31777", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-31777", }, { cve: "CVE-2022-25857", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2022-25857", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In der Red Hat Integration Camel for Spring Boot existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden. Zur Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder Nutzerinteraktion nötig.", }, ], product_status: { known_affected: [ "T029341", "67646", "T027614", "T028308", "T024663", "398363", "T026453", ], }, release_date: "2023-05-03T22:00:00.000+00:00", title: "CVE-2021-37533", }, ], }
wid-sec-w-2024-0892
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-04-16 22:00
Summary
Oracle Retail Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0892 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0892.json", }, { category: "self", summary: "WID-SEC-2024-0892 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0892", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Retail Applications vom 2024-04-16", url: "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixRAPP", }, ], source_lang: "en-US", title: "Oracle Retail Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-04-16T22:00:00.000+00:00", generator: { date: "2024-08-15T18:07:46.143+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0892", initial_release_date: "2024-04-16T22:00:00.000+00:00", revision_history: [ { date: "2024-04-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "16.0.3", product: { name: "Oracle Retail Applications 16.0.3", product_id: "T019034", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:16.0.3", }, }, }, { category: "product_version", name: "19.0.1", product: { name: "Oracle Retail Applications 19.0.1", product_id: "T019038", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:19.0.1", }, }, }, { category: "product_version", name: "15.0.3.1", product: { name: "Oracle Retail Applications 15.0.3.1", product_id: "T019909", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:15.0.3.1", }, }, }, { category: "product_version", name: "14.1.3.2", product: { name: "Oracle Retail Applications 14.1.3.2", product_id: "T019910", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:14.1.3.2", }, }, }, { category: "product_version", name: "14.1.3", product: { name: "Oracle Retail Applications 14.1.3", product_id: "T020720", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:14.1.3", }, }, }, { category: "product_version", name: "15.0.3", product: { name: "Oracle Retail Applications 15.0.3", product_id: "T020721", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:15.0.3", }, }, }, { category: "product_version", name: "14.1.3.1", product: { name: "Oracle Retail Applications 14.1.3.1", product_id: "T034182", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:14.1.3.1", }, }, }, { category: "product_version", name: "19.0.5", product: { name: "Oracle Retail Applications 19.0.5", product_id: "T034183", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:19.0.5", }, }, }, { category: "product_version", name: "20.0.4", product: { name: "Oracle Retail Applications 20.0.4", product_id: "T034184", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:20.0.4", }, }, }, { category: "product_version", name: "21.0.3", product: { name: "Oracle Retail Applications 21.0.3", product_id: "T034185", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:21.0.3", }, }, }, { category: "product_version", name: "22.0.1", product: { name: "Oracle Retail Applications 22.0.1", product_id: "T034186", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:22.0.1", }, }, }, { category: "product_version", name: "23.0.1", product: { name: "Oracle Retail Applications 23.0.1", product_id: "T034187", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:23.0.1", }, }, }, { category: "product_version", name: "19.0.0.9", product: { name: "Oracle Retail Applications 19.0.0.9", product_id: "T034188", product_identification_helper: { cpe: "cpe:/a:oracle:retail_applications:19.0.0.9", }, }, }, ], category: "product_name", name: "Retail Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-31160", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-31160", }, { cve: "CVE-2022-34381", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-34381", }, { cve: "CVE-2022-42920", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-42920", }, { cve: "CVE-2022-46337", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-46337", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-34981", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-34981", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T034187", "T034186", "T034185", "T034184", "T019034", "T034188", "T019038", "T020720", "T034183", "T019910", "T034182", "T020721", "T019909", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-48795", }, ], }
WID-SEC-W-2023-1808
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1808 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1808.json", }, { category: "self", summary: "WID-SEC-2023-1808 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1808", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Financial Services Applications vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixIFLX", }, ], source_lang: "en-US", title: "Oracle Financial Services Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:51.752+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1808", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Financial Services Applications 8.1.0", product: { name: "Oracle Financial Services Applications 8.1.0", product_id: "T018983", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 14.3", product: { name: "Oracle Financial Services Applications <= 14.3", product_id: "T019887", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.3", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.1", product: { name: "Oracle Financial Services Applications 8.1.1", product_id: "T019891", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.7", product: { name: "Oracle Financial Services Applications 8.0.7", product_id: "T021676", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.7", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8", product: { name: "Oracle Financial Services Applications 8.0.8", product_id: "T021677", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.1.1", product: { name: "Oracle Financial Services Applications 8.1.1.1", product_id: "T022835", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8.1", product: { name: "Oracle Financial Services Applications 8.0.8.1", product_id: "T022844", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.0.8.2", product: { name: "Oracle Financial Services Applications 8.0.8.2", product_id: "T024990", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 14.7", product: { name: "Oracle Financial Services Applications <= 14.7", product_id: "T027348", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.4", product: { name: "Oracle Financial Services Applications 8.1.2.4", product_id: "T027351", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.4", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.6", product: { name: "Oracle Financial Services Applications 14.6", product_id: "T027355", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.6", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 18.2.0.0.0", product: { name: "Oracle Financial Services Applications 18.2.0.0.0", product_id: "T028691", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:18.2.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 18.3.0.0.0", product: { name: "Oracle Financial Services Applications 18.3.0.0.0", product_id: "T028692", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:18.3.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 19.1.0.0.0", product: { name: "Oracle Financial Services Applications 19.1.0.0.0", product_id: "T028693", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.1.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 19.2.0.0.0", product: { name: "Oracle Financial Services Applications 19.2.0.0.0", product_id: "T028694", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.2.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 21.1.0.0.0", product: { name: "Oracle Financial Services Applications 21.1.0.0.0", product_id: "T028695", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:21.1.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.1.0.0.0", product: { name: "Oracle Financial Services Applications 22.1.0.0.0", product_id: "T028696", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.1.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.2.0.0.0", product: { name: "Oracle Financial Services Applications 22.2.0.0.0", product_id: "T028697", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.2.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.0.2.0", product: { name: "Oracle Financial Services Applications 14.7.0.2.0", product_id: "T028698", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.2.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.1.0.0", product: { name: "Oracle Financial Services Applications 14.7.1.0.0", product_id: "T028699", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.1.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.5.0.8.0", product: { name: "Oracle Financial Services Applications 14.5.0.8.0", product_id: "T028700", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.5.0.8.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.6.0.4.0", product: { name: "Oracle Financial Services Applications 14.6.0.4.0", product_id: "T028701", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.6.0.4.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.0.0.0", product: { name: "Oracle Financial Services Applications 14.7.0.0.0", product_id: "T028702", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.0.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.6.0.3.0", product: { name: "Oracle Financial Services Applications 14.6.0.3.0", product_id: "T028703", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.6.0.3.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.0.1.0", product: { name: "Oracle Financial Services Applications 14.7.0.1.0", product_id: "T028704", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.1.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2", product: { name: "Oracle Financial Services Applications 8.1.2", product_id: "T028705", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.5", product: { name: "Oracle Financial Services Applications 8.1.2.5", product_id: "T028706", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.5", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 14.7.0", product: { name: "Oracle Financial Services Applications 14.7.0", product_id: "T028707", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0", }, }, }, ], category: "product_name", name: "Financial Services Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-28708", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28708", }, { cve: "CVE-2023-28439", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28439", }, { cve: "CVE-2023-25194", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-25194", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20861", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20861", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2022-48285", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-48285", }, { cve: "CVE-2022-46364", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-46364", }, { cve: "CVE-2022-45693", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45693", }, { cve: "CVE-2022-45199", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45199", }, { cve: "CVE-2022-45143", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45143", }, { cve: "CVE-2022-45047", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45047", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-33879", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-33879", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-31692", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-31692", }, { cve: "CVE-2022-31129", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-31129", }, { cve: "CVE-2022-2048", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-2048", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-1471", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2020-13936", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T019891", "T021677", "T022844", "T018983", "T021676", "T028707", "T028705", "T028706", "T028703", "T028704", "T028701", "T028702", "T028700", "T027355", "T028693", "T028694", "T028691", "T028692", "T022835", "T028699", "T028697", "T028698", "T028695", "T024990", "T028696", ], last_affected: [ "T019887", "T027348", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-13936", }, ], }
wid-sec-w-2023-2675
Vulnerability from csaf_certbund
Published
2023-10-17 22:00
Modified
2023-10-17 22:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2675 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2675.json", }, { category: "self", summary: "WID-SEC-2023-2675 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2675", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Financial Services Applications vom 2023-10-17", url: "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixIFLX", }, ], source_lang: "en-US", title: "Oracle Financial Services Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-17T22:00:00.000+00:00", generator: { date: "2024-08-15T17:59:59.509+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2675", initial_release_date: "2023-10-17T22:00:00.000+00:00", revision_history: [ { date: "2023-10-17T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Financial Services Applications 2.6.2", product: { name: "Oracle Financial Services Applications 2.6.2", product_id: "T018977", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.6.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.9.0", product: { name: "Oracle Financial Services Applications 2.9.0", product_id: "T018981", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.9.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 14.3", product: { name: "Oracle Financial Services Applications <= 14.3", product_id: "T019887", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.3", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 12.3", product: { name: "Oracle Financial Services Applications 12.3", product_id: "T019893", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:12.3", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 12.4", product: { name: "Oracle Financial Services Applications 12.4", product_id: "T019894", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:12.4", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 11.8", product: { name: "Oracle Financial Services Applications <= 11.8", product_id: "T020696", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:11.8", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 11.10", product: { name: "Oracle Financial Services Applications 11.10", product_id: "T020698", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:11.10", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 18.3", product: { name: "Oracle Financial Services Applications 18.3", product_id: "T021669", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:18.3", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 19.1", product: { name: "Oracle Financial Services Applications 19.1", product_id: "T021670", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 19.2", product: { name: "Oracle Financial Services Applications 19.2", product_id: "T021671", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 21.1", product: { name: "Oracle Financial Services Applications 21.1", product_id: "T021673", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:21.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.7", product: { name: "Oracle Financial Services Applications 2.7", product_id: "T023927", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.7", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.12", product: { name: "Oracle Financial Services Applications 2.12", product_id: "T023929", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.12", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 14.7", product: { name: "Oracle Financial Services Applications <= 14.7", product_id: "T027348", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.1", product: { name: "Oracle Financial Services Applications 22.1", product_id: "T027349", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.2", product: { name: "Oracle Financial Services Applications 22.2", product_id: "T027350", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.4", product: { name: "Oracle Financial Services Applications 8.1.2.4", product_id: "T027351", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.4", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.3", product: { name: "Oracle Financial Services Applications 8.1.2.3", product_id: "T027352", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.3", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 11.11", product: { name: "Oracle Financial Services Applications 11.11", product_id: "T027366", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:11.11", }, }, }, ], category: "product_name", name: "Financial Services Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-34981", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-34981", }, { cve: "CVE-2023-34462", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-34462", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-28439", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-28439", }, { cve: "CVE-2023-26049", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-26049", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-22946", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22946", }, { cve: "CVE-2023-22125", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22125", }, { cve: "CVE-2023-22124", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22124", }, { cve: "CVE-2023-22123", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22123", }, { cve: "CVE-2023-22122", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22122", }, { cve: "CVE-2023-22121", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22121", }, { cve: "CVE-2023-22119", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22119", }, { cve: "CVE-2023-22118", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22118", }, { cve: "CVE-2023-22117", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22117", }, { cve: "CVE-2023-20883", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-20883", }, { cve: "CVE-2023-20873", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-20873", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20862", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-20862", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2022-48285", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-48285", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-33980", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-33980", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-29577", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-29577", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-1471", }, { cve: "CVE-2021-41165", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-41165", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-37533", }, ], }
WID-SEC-W-2023-1813
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-18 22:00
Summary
Oracle Communications Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1813 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1813.json", }, { category: "self", summary: "WID-SEC-2023-1813 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1813", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Communications Applications vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixCAGBU", }, ], source_lang: "en-US", title: "Oracle Communications Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-18T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:53.359+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1813", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Communications Applications 7.3.5", product: { name: "Oracle Communications Applications 7.3.5", product_id: "T018937", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.3.5", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.0", product: { name: "Oracle Communications Applications 7.4.0", product_id: "T018938", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.1", product: { name: "Oracle Communications Applications 7.4.1", product_id: "T018939", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 7.4.2", product: { name: "Oracle Communications Applications <= 7.4.2", product_id: "T018940", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.2", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.5.0", product: { name: "Oracle Communications Applications 7.5.0", product_id: "T021639", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.5.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.0.6.0", product: { name: "Oracle Communications Applications <= 12.0.0.6.0", product_id: "T023905", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.0.6.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.0.7.0", product: { name: "Oracle Communications Applications <= 12.0.0.7.0", product_id: "T024968", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 8.0.0.7.0", product: { name: "Oracle Communications Applications <= 8.0.0.7.0", product_id: "T025860", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 6.0.2", product: { name: "Oracle Communications Applications <= 6.0.2", product_id: "T027323", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:6.0.2", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.6.0.0", product: { name: "Oracle Communications Applications <= 12.0.6.0.0", product_id: "T027325", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.6.0.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.0.8.0", product: { name: "Oracle Communications Applications <= 12.0.0.8.0", product_id: "T028669", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.0.8.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 3.0.3.2", product: { name: "Oracle Communications Applications 3.0.3.2", product_id: "T028670", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:3.0.3.2", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.1.0.21.0", product: { name: "Oracle Communications Applications 8.1.0.21.0", product_id: "T028671", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.1.0.21.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 5.5.17", product: { name: "Oracle Communications Applications <= 5.5.17", product_id: "T028672", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:5.5.17", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 8.0.0.8.0", product: { name: "Oracle Communications Applications <= 8.0.0.8.0", product_id: "T028673", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.8.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 10.0.1.7.0", product: { name: "Oracle Communications Applications 10.0.1.7.0", product_id: "T028674", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:10.0.1.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 5.5.16", product: { name: "Oracle Communications Applications <= 5.5.16", product_id: "T028675", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:5.5.16", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.0.7.0", product: { name: "Oracle Communications Applications 7.4.0.7.0", product_id: "T028676", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.1.5.0", product: { name: "Oracle Communications Applications 7.4.1.5.0", product_id: "T028677", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.1.5.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.2.8.0", product: { name: "Oracle Communications Applications 7.4.2.8.0", product_id: "T028678", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.2.8.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.3.6.4", product: { name: "Oracle Communications Applications 7.3.6.4", product_id: "T028679", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.3.6.4", }, }, }, ], category: "product_name", name: "Communications Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-28709", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28709", }, { cve: "CVE-2023-25194", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-25194", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-21830", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-21830", }, { cve: "CVE-2023-20873", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20873", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20862", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20862", }, { cve: "CVE-2023-20861", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20861", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2022-46364", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-46364", }, { cve: "CVE-2022-46153", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-46153", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41915", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41915", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-3479", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-3479", }, { cve: "CVE-2022-31692", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-31692", }, { cve: "CVE-2022-23437", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-23437", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-1471", }, { cve: "CVE-2021-43859", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-43859", }, { cve: "CVE-2021-42575", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-42575", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2021-22569", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-22569", }, { cve: "CVE-2020-8908", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-8908", }, { cve: "CVE-2020-35169", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer, authentisierter oder lokaler Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028671", "T028670", "T028679", "T018937", "T021639", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674", ], last_affected: [ "T024968", "T028672", "T018940", "T028669", "T027325", "T028675", "T023905", "T027323", "T025860", "T028673", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-35169", }, ], }
WID-SEC-W-2023-1812
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-20 22:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1812 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1812.json", }, { category: "self", summary: "WID-SEC-2023-1812 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1812", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:2263-2 vom 2023-07-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015545.html", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Communications vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixCGBU", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-20T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:52.927+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1812", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-07-20T22:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Communications 5.0", product: { name: "Oracle Communications 5.0", product_id: "T021645", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.0", }, }, }, { category: "product_name", name: "Oracle Communications 8.6.0.0", product: { name: "Oracle Communications 8.6.0.0", product_id: "T024970", product_identification_helper: { cpe: "cpe:/a:oracle:communications:8.6.0.0", }, }, }, { category: "product_name", name: "Oracle Communications 22.4.0", product: { name: "Oracle Communications 22.4.0", product_id: "T024981", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.0", }, }, }, { category: "product_name", name: "Oracle Communications 22.3.2", product: { name: "Oracle Communications 22.3.2", product_id: "T025865", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.3.2", }, }, }, { category: "product_name", name: "Oracle Communications 22.4.1", product: { name: "Oracle Communications 22.4.1", product_id: "T025869", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.1", }, }, }, { category: "product_name", name: "Oracle Communications 23.1.0", product: { name: "Oracle Communications 23.1.0", product_id: "T027326", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.0", }, }, }, { category: "product_name", name: "Oracle Communications 22.4.2", product: { name: "Oracle Communications 22.4.2", product_id: "T027327", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.2", }, }, }, { category: "product_name", name: "Oracle Communications 23.1.1", product: { name: "Oracle Communications 23.1.1", product_id: "T027329", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.1", }, }, }, { category: "product_name", name: "Oracle Communications 22.4.3", product: { name: "Oracle Communications 22.4.3", product_id: "T028680", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.3", }, }, }, { category: "product_name", name: "Oracle Communications 23.1.2", product: { name: "Oracle Communications 23.1.2", product_id: "T028681", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.2", }, }, }, { category: "product_name", name: "Oracle Communications 23.2.0", product: { name: "Oracle Communications 23.2.0", product_id: "T028682", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.2.0", }, }, }, { category: "product_name", name: "Oracle Communications 6.2.0", product: { name: "Oracle Communications 6.2.0", product_id: "T028683", product_identification_helper: { cpe: "cpe:/a:oracle:communications:6.2.0", }, }, }, { category: "product_name", name: "Oracle Communications 5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_name", name: "Oracle Communications 9.1.1.5.0", product: { name: "Oracle Communications 9.1.1.5.0", product_id: "T028685", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.5.0", }, }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2023-30861", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-30861", }, { cve: "CVE-2023-29007", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-29007", }, { cve: "CVE-2023-28856", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28856", }, { cve: "CVE-2023-28708", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28708", }, { cve: "CVE-2023-28484", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28484", }, { cve: "CVE-2023-27901", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-27901", }, { cve: "CVE-2023-26049", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-26049", }, { cve: "CVE-2023-25194", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-25194", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-23931", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-23931", }, { cve: "CVE-2023-22809", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22809", }, { cve: "CVE-2023-21971", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-21971", }, { cve: "CVE-2023-20873", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20873", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20862", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20862", }, { cve: "CVE-2023-20861", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20861", }, { cve: "CVE-2023-1999", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1999", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2023-0767", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-0767", }, { cve: "CVE-2023-0361", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-0361", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2022-45787", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45787", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2022-45061", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45061", }, { cve: "CVE-2022-4450", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-4450", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-36944", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-36944", }, { cve: "CVE-2022-2963", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-2963", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-1471", }, { cve: "CVE-2021-40528", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-40528", }, { cve: "CVE-2021-25220", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-25220", }, { cve: "CVE-2020-10735", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-10735", }, ], }
wid-sec-w-2024-0125
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Enterprise Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle für Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle für Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0125 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0125.json", }, { category: "self", summary: "WID-SEC-2024-0125 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0125", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Enterprise Manager vom 2024-01-16", url: "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixEM", }, ], source_lang: "en-US", title: "Oracle Enterprise Manager: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-16T23:00:00.000+00:00", generator: { date: "2024-08-15T18:03:50.727+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0125", initial_release_date: "2024-01-16T23:00:00.000+00:00", revision_history: [ { date: "2024-01-16T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Enterprise Manager 12.4.0.0", product: { name: "Oracle Enterprise Manager 12.4.0.0", product_id: "T018973", product_identification_helper: { cpe: "cpe:/a:oracle:enterprise_manager:12.4.0.0", }, }, }, { category: "product_name", name: "Oracle Enterprise Manager 13.3.0.1", product: { name: "Oracle Enterprise Manager 13.3.0.1", product_id: "T018974", product_identification_helper: { cpe: "cpe:/a:oracle:enterprise_manager:13.3.0.1", }, }, }, { category: "product_name", name: "Oracle Enterprise Manager 13.5.0.0", product: { name: "Oracle Enterprise Manager 13.5.0.0", product_id: "T020692", product_identification_helper: { cpe: "cpe:/a:oracle:enterprise_manager:13.5.0.0", }, }, }, ], category: "product_name", name: "Enterprise Manager", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2024-20917", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2024-20917", }, { cve: "CVE-2024-20916", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2024-20916", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-2618", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-2618", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018973", "T018974", "T020692", ], }, release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2022-42003", }, ], }
wid-sec-w-2023-1807
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-12-26 23:00
Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1807 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1807.json", }, { category: "self", summary: "WID-SEC-2023-1807 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1807", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Fusion Middleware vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixFMW", }, { category: "external", summary: "Dell Security Advisory DSA-2023-409 vom 2023-12-23", url: "https://www.dell.com/support/kbdoc/000220669/dsa-2023-=", }, ], source_lang: "en-US", title: "Oracle Fusion Middleware: Mehrere Schwachstellen", tracking: { current_release_date: "2023-12-26T23:00:00.000+00:00", generator: { date: "2024-08-15T17:55:51.397+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1807", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-12-26T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Dell aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Fusion Middleware 12.2.1.3.0", product: { name: "Oracle Fusion Middleware 12.2.1.3.0", product_id: "618028", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:12.2.1.3.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 12.2.1.4.0", product: { name: "Oracle Fusion Middleware 12.2.1.4.0", product_id: "751674", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:12.2.1.4.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 14.1.1.0.0", product: { name: "Oracle Fusion Middleware 14.1.1.0.0", product_id: "829576", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:14.1.1.0.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 9.1.0", product: { name: "Oracle Fusion Middleware 9.1.0", product_id: "T022847", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:9.1.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware < 11.1.2.3.1", product: { name: "Oracle Fusion Middleware < 11.1.2.3.1", product_id: "T028708", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:11.1.2.3.1", }, }, }, ], category: "product_name", name: "Fusion Middleware", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-26119", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-26119", }, { cve: "CVE-2023-26049", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-26049", }, { cve: "CVE-2023-25690", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-25690", }, { cve: "CVE-2023-25194", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-25194", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-22899", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22899", }, { cve: "CVE-2023-22040", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22040", }, { cve: "CVE-2023-22031", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22031", }, { cve: "CVE-2023-21994", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-21994", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20861", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20861", }, { cve: "CVE-2023-20860", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20860", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2022-45047", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45047", }, { cve: "CVE-2022-43680", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-43680", }, { cve: "CVE-2022-42920", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-42920", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41853", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41853", }, { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-33879", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-33879", }, { cve: "CVE-2022-31197", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-31197", }, { cve: "CVE-2022-29546", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-29546", }, { cve: "CVE-2022-25647", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-25647", }, { cve: "CVE-2022-24409", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-24409", }, { cve: "CVE-2022-23437", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-23437", }, { cve: "CVE-2021-46877", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-46877", }, { cve: "CVE-2021-43113", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-43113", }, { cve: "CVE-2021-42575", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-42575", }, { cve: "CVE-2021-41184", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-41184", }, { cve: "CVE-2021-4104", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-4104", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2021-36374", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-36374", }, { cve: "CVE-2021-36090", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-36090", }, { cve: "CVE-2021-34429", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-34429", }, { cve: "CVE-2021-33813", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-33813", }, { cve: "CVE-2021-29425", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-29425", }, { cve: "CVE-2021-28168", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-28168", }, { cve: "CVE-2021-26117", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-26117", }, { cve: "CVE-2021-23926", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-23926", }, { cve: "CVE-2020-8908", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-8908", }, { cve: "CVE-2020-36518", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-36518", }, { cve: "CVE-2020-17521", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-17521", }, { cve: "CVE-2020-13956", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-13956", }, { cve: "CVE-2020-13936", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen sind bestimmte Privilegien und eine Benutzerinteraktion erforderlich. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T022847", "618028", "751674", "829576", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-13936", }, ], }
wid-sec-w-2023-1812
Vulnerability from csaf_certbund
Published
2023-07-18 22:00
Modified
2023-07-20 22:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1812 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1812.json", }, { category: "self", summary: "WID-SEC-2023-1812 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1812", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:2263-2 vom 2023-07-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015545.html", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2023 - Appendix Oracle Communications vom 2023-07-18", url: "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixCGBU", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-07-20T22:00:00.000+00:00", generator: { date: "2024-08-15T17:55:52.927+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1812", initial_release_date: "2023-07-18T22:00:00.000+00:00", revision_history: [ { date: "2023-07-18T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-07-20T22:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Communications 5.0", product: { name: "Oracle Communications 5.0", product_id: "T021645", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.0", }, }, }, { category: "product_name", name: "Oracle Communications 8.6.0.0", product: { name: "Oracle Communications 8.6.0.0", product_id: "T024970", product_identification_helper: { cpe: "cpe:/a:oracle:communications:8.6.0.0", }, }, }, { category: "product_name", name: "Oracle Communications 22.4.0", product: { name: "Oracle Communications 22.4.0", product_id: "T024981", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.0", }, }, }, { category: "product_name", name: "Oracle Communications 22.3.2", product: { name: "Oracle Communications 22.3.2", product_id: "T025865", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.3.2", }, }, }, { category: "product_name", name: "Oracle Communications 22.4.1", product: { name: "Oracle Communications 22.4.1", product_id: "T025869", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.1", }, }, }, { category: "product_name", name: "Oracle Communications 23.1.0", product: { name: "Oracle Communications 23.1.0", product_id: "T027326", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.0", }, }, }, { category: "product_name", name: "Oracle Communications 22.4.2", product: { name: "Oracle Communications 22.4.2", product_id: "T027327", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.2", }, }, }, { category: "product_name", name: "Oracle Communications 23.1.1", product: { name: "Oracle Communications 23.1.1", product_id: "T027329", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.1", }, }, }, { category: "product_name", name: "Oracle Communications 22.4.3", product: { name: "Oracle Communications 22.4.3", product_id: "T028680", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.3", }, }, }, { category: "product_name", name: "Oracle Communications 23.1.2", product: { name: "Oracle Communications 23.1.2", product_id: "T028681", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.2", }, }, }, { category: "product_name", name: "Oracle Communications 23.2.0", product: { name: "Oracle Communications 23.2.0", product_id: "T028682", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.2.0", }, }, }, { category: "product_name", name: "Oracle Communications 6.2.0", product: { name: "Oracle Communications 6.2.0", product_id: "T028683", product_identification_helper: { cpe: "cpe:/a:oracle:communications:6.2.0", }, }, }, { category: "product_name", name: "Oracle Communications 5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_name", name: "Oracle Communications 9.1.1.5.0", product: { name: "Oracle Communications 9.1.1.5.0", product_id: "T028685", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.5.0", }, }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2023-30861", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-30861", }, { cve: "CVE-2023-29007", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-29007", }, { cve: "CVE-2023-28856", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28856", }, { cve: "CVE-2023-28708", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28708", }, { cve: "CVE-2023-28484", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-28484", }, { cve: "CVE-2023-27901", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-27901", }, { cve: "CVE-2023-26049", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-26049", }, { cve: "CVE-2023-25194", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-25194", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-23931", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-23931", }, { cve: "CVE-2023-22809", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-22809", }, { cve: "CVE-2023-21971", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-21971", }, { cve: "CVE-2023-20873", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20873", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20862", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20862", }, { cve: "CVE-2023-20861", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-20861", }, { cve: "CVE-2023-1999", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1999", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2023-0767", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-0767", }, { cve: "CVE-2023-0361", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-0361", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2022-45787", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45787", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2022-45061", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-45061", }, { cve: "CVE-2022-4450", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-4450", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-37434", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-37434", }, { cve: "CVE-2022-36944", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-36944", }, { cve: "CVE-2022-2963", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-2963", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2022-1471", }, { cve: "CVE-2021-40528", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-40528", }, { cve: "CVE-2021-25220", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2021-25220", }, { cve: "CVE-2020-10735", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T028683", "T028680", "T028681", "T025869", "T002207", "T025865", "T021645", "T027329", "T027326", "T024970", "T024981", "T027327", "T028684", "T028685", ], }, release_date: "2023-07-18T22:00:00.000+00:00", title: "CVE-2020-10735", }, ], }
WID-SEC-W-2024-0116
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Siebel CRM: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Siebel CRM ist eine CRM-Lösung von Oracle.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Siebel CRM ausnutzen, um die Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Siebel CRM ist eine CRM-Lösung von Oracle.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Siebel CRM ausnutzen, um die Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0116 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0116.json", }, { category: "self", summary: "WID-SEC-2024-0116 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0116", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Siebel CRM vom 2024-01-16", url: "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixSECR", }, ], source_lang: "en-US", title: "Oracle Siebel CRM: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-16T23:00:00.000+00:00", generator: { date: "2024-08-15T18:03:46.701+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0116", initial_release_date: "2024-01-16T23:00:00.000+00:00", revision_history: [ { date: "2024-01-16T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Siebel CRM < 23.8", product: { name: "Oracle Siebel CRM < 23.8", product_id: "T030617", product_identification_helper: { cpe: "cpe:/a:oracle:siebel_crm:23.8", }, }, }, { category: "product_name", name: "Oracle Siebel CRM < 23.12", product: { name: "Oracle Siebel CRM < 23.12", product_id: "T032128", product_identification_helper: { cpe: "cpe:/a:oracle:siebel_crm:23.12", }, }, }, ], category: "product_name", name: "Siebel CRM", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Oracle Siebel CRM existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Siebel CRM existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], release_date: "2024-01-16T23:00:00.000+00:00", title: "CVE-2023-1436", }, ], }
WID-SEC-W-2023-2674
Vulnerability from csaf_certbund
Published
2023-10-17 22:00
Modified
2023-12-26 23:00
Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2674 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2674.json", }, { category: "self", summary: "WID-SEC-2023-2674 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2674", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Fusion Middleware vom 2023-10-17", url: "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixFMW", }, { category: "external", summary: "Dell Security Advisory DSA-2023-409 vom 2023-12-23", url: "https://www.dell.com/support/kbdoc/000220669/dsa-2023-=", }, ], source_lang: "en-US", title: "Oracle Fusion Middleware: Mehrere Schwachstellen", tracking: { current_release_date: "2023-12-26T23:00:00.000+00:00", generator: { date: "2024-08-15T17:59:59.153+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2674", initial_release_date: "2023-10-17T22:00:00.000+00:00", revision_history: [ { date: "2023-10-17T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-12-26T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Dell aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Fusion Middleware 12.2.1.3.0", product: { name: "Oracle Fusion Middleware 12.2.1.3.0", product_id: "618028", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:12.2.1.3.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 12.2.1.4.0", product: { name: "Oracle Fusion Middleware 12.2.1.4.0", product_id: "751674", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:12.2.1.4.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 14.1.1.0.0", product: { name: "Oracle Fusion Middleware 14.1.1.0.0", product_id: "829576", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:14.1.1.0.0", }, }, }, { category: "product_name", name: "Oracle Fusion Middleware 8.5.6", product: { name: "Oracle Fusion Middleware 8.5.6", product_id: "T024993", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:8.5.6", }, }, }, ], category: "product_name", name: "Fusion Middleware", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39022", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-39022", }, { cve: "CVE-2023-35887", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-35887", }, { cve: "CVE-2023-35116", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-35116", }, { cve: "CVE-2023-34462", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-34462", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-28708", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-28708", }, { cve: "CVE-2023-28484", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-28484", }, { cve: "CVE-2023-2650", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-2650", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-22127", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22127", }, { cve: "CVE-2023-22126", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22126", }, { cve: "CVE-2023-22108", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22108", }, { cve: "CVE-2023-22101", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22101", }, { cve: "CVE-2023-22089", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22089", }, { cve: "CVE-2023-22086", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22086", }, { cve: "CVE-2023-22072", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22072", }, { cve: "CVE-2023-22069", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22069", }, { cve: "CVE-2023-22019", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22019", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2022-45690", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-45690", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2022-44729", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-44729", }, { cve: "CVE-2022-42920", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-42920", }, { cve: "CVE-2022-42004", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-42004", }, { cve: "CVE-2022-37436", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-37436", }, { cve: "CVE-2022-29599", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-29599", }, { cve: "CVE-2022-29546", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-29546", }, { cve: "CVE-2022-24839", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-24839", }, { cve: "CVE-2022-23491", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-23491", }, { cve: "CVE-2021-37714", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-37714", }, { cve: "CVE-2021-37136", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-37136", }, { cve: "CVE-2021-36374", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-36374", }, { cve: "CVE-2021-28165", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-28165", }, { cve: "CVE-2020-13956", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2020-13956", }, { cve: "CVE-2019-10086", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T024993", "618028", "751674", "829576", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2019-10086", }, ], }
WID-SEC-W-2023-2675
Vulnerability from csaf_certbund
Published
2023-10-17 22:00
Modified
2023-10-17 22:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2675 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2675.json", }, { category: "self", summary: "WID-SEC-2023-2675 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2675", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Financial Services Applications vom 2023-10-17", url: "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixIFLX", }, ], source_lang: "en-US", title: "Oracle Financial Services Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-17T22:00:00.000+00:00", generator: { date: "2024-08-15T17:59:59.509+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2675", initial_release_date: "2023-10-17T22:00:00.000+00:00", revision_history: [ { date: "2023-10-17T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Financial Services Applications 2.6.2", product: { name: "Oracle Financial Services Applications 2.6.2", product_id: "T018977", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.6.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.9.0", product: { name: "Oracle Financial Services Applications 2.9.0", product_id: "T018981", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.9.0", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 14.3", product: { name: "Oracle Financial Services Applications <= 14.3", product_id: "T019887", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.3", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 12.3", product: { name: "Oracle Financial Services Applications 12.3", product_id: "T019893", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:12.3", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 12.4", product: { name: "Oracle Financial Services Applications 12.4", product_id: "T019894", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:12.4", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 11.8", product: { name: "Oracle Financial Services Applications <= 11.8", product_id: "T020696", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:11.8", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 11.10", product: { name: "Oracle Financial Services Applications 11.10", product_id: "T020698", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:11.10", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 18.3", product: { name: "Oracle Financial Services Applications 18.3", product_id: "T021669", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:18.3", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 19.1", product: { name: "Oracle Financial Services Applications 19.1", product_id: "T021670", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 19.2", product: { name: "Oracle Financial Services Applications 19.2", product_id: "T021671", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:19.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 21.1", product: { name: "Oracle Financial Services Applications 21.1", product_id: "T021673", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:21.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.7", product: { name: "Oracle Financial Services Applications 2.7", product_id: "T023927", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.7", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 2.12", product: { name: "Oracle Financial Services Applications 2.12", product_id: "T023929", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.12", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications <= 14.7", product: { name: "Oracle Financial Services Applications <= 14.7", product_id: "T027348", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.1", product: { name: "Oracle Financial Services Applications 22.1", product_id: "T027349", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.1", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 22.2", product: { name: "Oracle Financial Services Applications 22.2", product_id: "T027350", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:22.2", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.4", product: { name: "Oracle Financial Services Applications 8.1.2.4", product_id: "T027351", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.4", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 8.1.2.3", product: { name: "Oracle Financial Services Applications 8.1.2.3", product_id: "T027352", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.3", }, }, }, { category: "product_name", name: "Oracle Financial Services Applications 11.11", product: { name: "Oracle Financial Services Applications 11.11", product_id: "T027366", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:11.11", }, }, }, ], category: "product_name", name: "Financial Services Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-34981", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-34981", }, { cve: "CVE-2023-34462", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-34462", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-28439", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-28439", }, { cve: "CVE-2023-26049", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-26049", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-22946", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22946", }, { cve: "CVE-2023-22125", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22125", }, { cve: "CVE-2023-22124", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22124", }, { cve: "CVE-2023-22123", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22123", }, { cve: "CVE-2023-22122", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22122", }, { cve: "CVE-2023-22121", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22121", }, { cve: "CVE-2023-22119", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22119", }, { cve: "CVE-2023-22118", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22118", }, { cve: "CVE-2023-22117", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-22117", }, { cve: "CVE-2023-20883", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-20883", }, { cve: "CVE-2023-20873", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-20873", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-20862", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-20862", }, { cve: "CVE-2023-1436", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-1436", }, { cve: "CVE-2023-1370", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2023-1370", }, { cve: "CVE-2022-48285", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-48285", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-41966", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-41966", }, { cve: "CVE-2022-41881", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-41881", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-33980", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-33980", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-29577", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-29577", }, { cve: "CVE-2022-1471", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2022-1471", }, { cve: "CVE-2021-41165", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-41165", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T027351", "T027352", "T027350", "T023927", "T019894", "T018981", "T019893", "T023929", "T020698", "T021669", "T018977", "T027349", "T021673", "T027366", "T021671", "T021670", ], last_affected: [ "T019887", "T020696", "T027348", ], }, release_date: "2023-10-17T22:00:00.000+00:00", title: "CVE-2021-37533", }, ], }
ncsc-2024-0299
Vulnerability from csaf_ncscnl
Published
2024-07-17 13:54
Modified
2024-07-17 13:54
Summary
Kwetsbaarheden verholpen in Oracle Analytics
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle Analytics.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-222
Truncation of Security-relevant Information
CWE-285
Improper Authorization
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-426
Untrusted Search Path
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476
NULL Pointer Dereference
CWE-674
Uncontrolled Recursion
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-787
Out-of-bounds Write
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Er zijn kwetsbaarheden verholpen in Oracle Analytics.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Improper Authorization", title: "CWE-285", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Untrusted Search Path", title: "CWE-426", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23926", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21797", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26031", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-33202", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46589", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-49083", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21139", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", }, { category: "external", summary: "Reference - oracle", url: "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json", }, { category: "external", summary: "Reference - cveprojectv5; ibm; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], title: " Kwetsbaarheden verholpen in Oracle Analytics", tracking: { current_release_date: "2024-07-17T13:54:03.545073Z", id: "NCSC-2024-0299", initial_release_date: "2024-07-17T13:54:03.545073Z", revision_history: [ { date: "2024-07-17T13:54:03.545073Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23926", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2021-23926", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23926.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2021-23926", }, { cve: "CVE-2021-37533", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2021-37533", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2021-37533", }, { cve: "CVE-2022-0239", product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2022-0239", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-0239.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2022-0239", }, { cve: "CVE-2022-21797", product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2022-21797", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-21797.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2022-21797", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2022-40152", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40152.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2022-40152", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-1370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-1370.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2023-1370", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-1436", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-1436.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2023-1436", }, { cve: "CVE-2023-26031", cwe: { id: "CWE-426", name: "Untrusted Search Path", }, notes: [ { category: "other", text: "Untrusted Search Path", title: "CWE-426", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-26031", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2023-26031", }, { cve: "CVE-2023-33202", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-33202", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33202.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2023-33202", }, { cve: "CVE-2023-46589", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-46589", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2023-46589", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-49083", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49083.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2023-49083", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-0727", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2024-0727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2024-0727", }, { cve: "CVE-2024-21139", cwe: { id: "CWE-285", name: "Improper Authorization", }, notes: [ { category: "other", text: "Improper Authorization", title: "CWE-285", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2024-21139", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21139.json", }, ], title: "CVE-2024-21139", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2024-25710", }, ], }
NCSC-2024-0299
Vulnerability from csaf_ncscnl
Published
2024-07-17 13:54
Modified
2024-07-17 13:54
Summary
Kwetsbaarheden verholpen in Oracle Analytics
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle Analytics.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-222
Truncation of Security-relevant Information
CWE-285
Improper Authorization
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-426
Untrusted Search Path
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-476
NULL Pointer Dereference
CWE-674
Uncontrolled Recursion
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-787
Out-of-bounds Write
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Er zijn kwetsbaarheden verholpen in Oracle Analytics.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Improper Authorization", title: "CWE-285", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Untrusted Search Path", title: "CWE-426", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23926", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21797", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26031", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-33202", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46589", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-49083", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21139", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", }, { category: "external", summary: "Reference - oracle", url: "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json", }, { category: "external", summary: "Reference - cveprojectv5; ibm; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], title: " Kwetsbaarheden verholpen in Oracle Analytics", tracking: { current_release_date: "2024-07-17T13:54:03.545073Z", id: "NCSC-2024-0299", initial_release_date: "2024-07-17T13:54:03.545073Z", revision_history: [ { date: "2024-07-17T13:54:03.545073Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23926", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2021-23926", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23926.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2021-23926", }, { cve: "CVE-2021-37533", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2021-37533", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2021-37533", }, { cve: "CVE-2022-0239", product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2022-0239", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-0239.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2022-0239", }, { cve: "CVE-2022-21797", product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2022-21797", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-21797.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2022-21797", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2022-40152", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40152.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2022-40152", }, { cve: "CVE-2023-1370", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-1370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-1370.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2023-1370", }, { cve: "CVE-2023-1436", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-1436", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-1436.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2023-1436", }, { cve: "CVE-2023-26031", cwe: { id: "CWE-426", name: "Untrusted Search Path", }, notes: [ { category: "other", text: "Untrusted Search Path", title: "CWE-426", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-26031", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2023-26031", }, { cve: "CVE-2023-33202", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-33202", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33202.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2023-33202", }, { cve: "CVE-2023-46589", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-46589", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2023-46589", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-49083", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49083.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2023-49083", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-0727", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2024-0727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2024-0727", }, { cve: "CVE-2024-21139", cwe: { id: "CWE-285", name: "Improper Authorization", }, notes: [ { category: "other", text: "Improper Authorization", title: "CWE-285", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2024-21139", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21139.json", }, ], title: "CVE-2024-21139", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-816763", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816763", ], }, ], title: "CVE-2024-25710", }, ], }
gsd-2023-1436
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
Aliases
Aliases
{ GSD: { alias: "CVE-2023-1436", id: "GSD-2023-1436", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-1436", ], details: "An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.", id: "GSD-2023-1436", modified: "2023-12-13T01:20:41.805181Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@jfrog.com", ID: "CVE-2023-1436", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "jettison", version: { version_data: [ { version_affected: "<", version_name: "0", version_value: "1.5.4", }, ], }, }, ], }, vendor_name: "jettison", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.", }, ], }, impact: { cvss: [ { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-674", lang: "eng", value: "CWE-674 Uncontrolled Recursion", }, ], }, ], }, references: { reference_data: [ { name: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", refsource: "MISC", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], }, source: { discovery: "INTERNAL", }, }, "gitlab.com": { advisories: [ { affected_range: "(,1.5.4)", affected_versions: "All versions before 1.5.4", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2023-03-22", description: "An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.", fixed_versions: [ "1.5.4", ], identifier: "CVE-2023-1436", identifiers: [ "GHSA-q6g2-g7f3-rr83", "CVE-2023-1436", ], not_impacted: "All versions starting from 1.5.4", package_slug: "maven/org.codehaus.jettison/jettison", pubdate: "2023-03-22", solution: "Upgrade to version 1.5.4 or above.", title: "Jettison vulnerable to infinite recursion", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", "https://github.com/jettison-json/jettison/issues/60", "https://github.com/jettison-json/jettison/pull/62", "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.4", "https://github.com/advisories/GHSA-q6g2-g7f3-rr83", ], uuid: "758e3203-0a4c-47f4-bc3b-24bd55f2245b", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:jettison_project:jettison:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.4", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@jfrog.com", ID: "CVE-2023-1436", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-674", }, ], }, ], }, references: { reference_data: [ { name: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", refsource: "MISC", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, }, }, lastModifiedDate: "2023-03-29T19:07Z", publishedDate: "2023-03-22T06:15Z", }, }, }
ghsa-q6g2-g7f3-rr83
Vulnerability from github
Published
2023-03-22 06:30
Modified
2023-03-30 01:01
Severity ?
Summary
Jettison vulnerable to infinite recursion
Details
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
{ affected: [ { package: { ecosystem: "Maven", name: "org.codehaus.jettison:jettison", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "1.5.4", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2023-1436", ], database_specific: { cwe_ids: [ "CWE-674", ], github_reviewed: true, github_reviewed_at: "2023-03-22T21:23:09Z", nvd_published_at: "2023-03-22T06:15:00Z", severity: "HIGH", }, details: "An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.", id: "GHSA-q6g2-g7f3-rr83", modified: "2023-03-30T01:01:25Z", published: "2023-03-22T06:30:21Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", }, { type: "WEB", url: "https://github.com/jettison-json/jettison/issues/60", }, { type: "WEB", url: "https://github.com/jettison-json/jettison/pull/62", }, { type: "PACKAGE", url: "https://github.com/jettison-json/jettison", }, { type: "WEB", url: "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.4", }, { type: "WEB", url: "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], summary: "Jettison vulnerable to infinite recursion", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.