Action not permitted
Modal body text goes here.
cve-2023-44483
Vulnerability from cvelistv5
Published
2023-10-20 09:23
Modified
2024-09-12 14:36
Severity ?
EPSS score ?
Summary
Apache Santuario: Private Key disclosure in debug-log output
References
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | http://www.openwall.com/lists/oss-security/2023/10/20/5 | Mailing List, Third Party Advisory | |
security@apache.org | https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 | Mailing List, Vendor Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
Apache Software Foundation | Apache Santuario |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:33.435Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-44483", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-12T14:33:15.116438Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-12T14:36:02.225Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Santuario", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "2.2.6", "status": "affected", "version": "2.2", "versionType": "semver" }, { "lessThan": "2.3.4", "status": "affected", "version": "2.3", "versionType": "semver" }, { "lessThan": "3.0.3", "status": "affected", "version": "3.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Apache Santuario would like to thank Max Fichtelmann for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u0026nbsp;Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\u003cbr\u003e" } ], "value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n" } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-20T09:23:53.483Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" }, { "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" } ], "source": { "discovery": "EXTERNAL" }, "title": "Apache Santuario: Private Key disclosure in debug-log output", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-44483", "datePublished": "2023-10-20T09:23:53.483Z", "dateReserved": "2023-09-29T15:05:04.230Z", "dateUpdated": "2024-09-12T14:36:02.225Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-44483\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-10-20T10:15:12.933\",\"lastModified\":\"2023-10-27T18:49:49.600\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\\n\"},{\"lang\":\"es\",\"value\":\"Todas las versiones de Apache Santuario - XML Security para Java anteriores a 2.2.6, 2.3.4 y 3.0.3, cuando utilizan la API JSR 105, son vulnerables a un problema en el que se puede revelar una clave privada en los archivos de registro al generar un La firma XML y el registro con nivel de depuraci\u00f3n est\u00e1n habilitados. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.2.6, 2.3.4 o 3.0.3, que soluciona este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.6\",\"matchCriteriaId\":\"072EA1B9-C0F1-41FC-97B6-6EDA8B7A4A73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.4\",\"matchCriteriaId\":\"BD7B2204-670A-4C24-9A8C-C0445F97ADA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.3\",\"matchCriteriaId\":\"C09892DB-35BF-41E0-811C-810B8753325C\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/20/5\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}" } }
wid-sec-w-2023-2943
Vulnerability from csaf_certbund
Published
2023-11-15 23:00
Modified
2024-01-30 23:00
Summary
IBM WebSphere Application Server Liberty: Mehrere Schwachstellen ermöglichen die Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM WebSphere Application Server ist ein J2EE-Applikationsserver.
Angriff
Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server Liberty ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
- Sonstiges
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server Liberty ausnutzen, um Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2943 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2943.json" }, { "category": "self", "summary": "WID-SEC-2023-2943 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2943" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-11-15", "url": "https://www.ibm.com/support/pages/node/7076305" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-11-15", "url": "https://www.ibm.com/support/pages/node/7077061" }, { "category": "external", "summary": "IBM Security Bulletin 7096373 vom 2023-12-13", "url": "https://www.ibm.com/support/pages/node/7096373" }, { "category": "external", "summary": "IBM Security Bulletin 7107861 vom 2024-01-18", "url": "https://www.ibm.com/support/pages/node/7107861" }, { "category": "external", "summary": "IBM Security Bulletin 7112522 vom 2024-01-30", "url": "https://www.ibm.com/support/pages/node/7112522" } ], "source_lang": "en-US", "title": "IBM WebSphere Application Server Liberty: Mehrere Schwachstellen erm\u00f6glichen die Offenlegung von Informationen", "tracking": { "current_release_date": "2024-01-30T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:51:39.567+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2943", "initial_release_date": "2023-11-15T23:00:00.000+00:00", "revision_history": [ { "date": "2023-11-15T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-12-12T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-01-18T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-01-30T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM License Metric Tool 9.2", "product": { "name": "IBM License Metric Tool 9.2", "product_id": "T031605", "product_identification_helper": { "cpe": "cpe:/a:ibm:license_metric_tool:9.2" } } }, { "branches": [ { "category": "product_name", "name": "IBM TXSeries 8.1", "product": { "name": "IBM TXSeries 8.1", "product_id": "T029287", "product_identification_helper": { "cpe": "cpe:/a:ibm:txseries:8.1" } } }, { "category": "product_name", "name": "IBM TXSeries 8.2", "product": { "name": "IBM TXSeries 8.2", "product_id": "T029288", "product_identification_helper": { "cpe": "cpe:/a:ibm:txseries:8.2" } } }, { "category": "product_name", "name": "IBM TXSeries 9.1", "product": { "name": "IBM TXSeries 9.1", "product_id": "T029292", "product_identification_helper": { "cpe": "cpe:/a:ibm:txseries:9.1" } } } ], "category": "product_name", "name": "TXSeries" }, { "category": "product_name", "name": "IBM Tivoli Business Service Manager 6.2.0", "product": { "name": "IBM Tivoli Business Service Manager 6.2.0", "product_id": "T014092", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0" } } }, { "category": "product_name", "name": "IBM WebSphere Application Server \u003c Liberty 23.0.0.12", "product": { "name": "IBM WebSphere Application Server \u003c Liberty 23.0.0.12", "product_id": "T031230", "product_identification_helper": { "cpe": "cpe:/a:ibm:websphere_application_server:liberty_23.0.0.12" } } } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-44483", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in IBM WebSphere Application Server Liberty. Diese Fehler bestehen in der Apache Santuario-Komponente aufgrund der Speicherung eines privaten Schl\u00fcssels in den Protokolldateien bei Verwendung der JSR 105-API, die es erm\u00f6glicht, die privaten Schl\u00fcsselinformationen zu erhalten und diese Informationen zu verwenden, um weitere Angriffe auf das betroffene System zu starten. Durch den Zugriff auf die Protokolldateien kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T029288", "T029287", "T014092", "T029292", "T031605" ] }, "release_date": "2023-11-15T23:00:00Z", "title": "CVE-2023-44483" } ] }
wid-sec-w-2024-0873
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-04-16 22:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Financial Services ist eine Zusammenstellung von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0873 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0873.json" }, { "category": "self", "summary": "WID-SEC-2024-0873 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0873" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Financial Services Applications vom 2024-04-16", "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixIFLX" } ], "source_lang": "en-US", "title": "Oracle Financial Services Applications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-16T22:00:00.000+00:00", "generator": { "date": "2024-04-17T08:35:56.086+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0873", "initial_release_date": "2024-04-16T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-16T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "2.9.0.0.0", "product": { "name": "Oracle Financial Services Applications 2.9.0.0.0", "product_id": "T023930", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:2.9.0.0.0" } } }, { "category": "product_version", "name": "2.9.0.1.0", "product": { "name": "Oracle Financial Services Applications 2.9.0.1.0", "product_id": "T023931", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:2.9.0.1.0" } } }, { "category": "product_version", "name": "3.2.0.0.0", "product": { "name": "Oracle Financial Services Applications 3.2.0.0.0", "product_id": "T023932", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:3.2.0.0.0" } } }, { "category": "product_version", "name": "19.1.0.0.0", "product": { "name": "Oracle Financial Services Applications 19.1.0.0.0", "product_id": "T028693", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:19.1.0.0.0" } } }, { "category": "product_version", "name": "19.2.0.0.0", "product": { "name": "Oracle Financial Services Applications 19.2.0.0.0", "product_id": "T028694", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:19.2.0.0.0" } } }, { "category": "product_version", "name": "21.1.0.0.0", "product": { "name": "Oracle Financial Services Applications 21.1.0.0.0", "product_id": "T028695", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:21.1.0.0.0" } } }, { "category": "product_version", "name": "22.1.0.0.0", "product": { "name": "Oracle Financial Services Applications 22.1.0.0.0", "product_id": "T028696", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:22.1.0.0.0" } } }, { "category": "product_version", "name": "22.2.0.0.0", "product": { "name": "Oracle Financial Services Applications 22.2.0.0.0", "product_id": "T028697", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:22.2.0.0.0" } } }, { "category": "product_version", "name": "14.7.0.0.0", "product": { "name": "Oracle Financial Services Applications 14.7.0.0.0", "product_id": "T028702", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.0.0" } } }, { "category": "product_version", "name": "14.7.0.3.0", "product": { "name": "Oracle Financial Services Applications 14.7.0.3.0", "product_id": "T032111", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.3.0" } } }, { "category": "product_version", "name": "12.1.0.0.0", "product": { "name": "Oracle Financial Services Applications 12.1.0.0.0", "product_id": "T034159", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:12.1.0.0.0" } } }, { "category": "product_version", "name": "14.5.0.0.0", "product": { "name": "Oracle Financial Services Applications 14.5.0.0.0", "product_id": "T034160", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:14.5.0.0.0" } } }, { "category": "product_version", "name": "14.6.0.0.0", "product": { "name": "Oracle Financial Services Applications 14.6.0.0.0", "product_id": "T034161", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:14.6.0.0.0" } } }, { "category": "product_version", "name": "2.12.0.0.0", "product": { "name": "Oracle Financial Services Applications 2.12.0.0.0", "product_id": "T034162", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:2.12.0.0.0" } } }, { "category": "product_version", "name": "2.7.0.0.0", "product": { "name": "Oracle Financial Services Applications 2.7.0.0.0", "product_id": "T034163", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:2.7.0.0.0" } } }, { "category": "product_version", "name": "2.8.0.0.0", "product": { "name": "Oracle Financial Services Applications 2.8.0.0.0", "product_id": "T034164", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:2.8.0.0.0" } } }, { "category": "product_version", "name": "3.0.0.0.0", "product": { "name": "Oracle Financial Services Applications 3.0.0.0.0", "product_id": "T034165", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:3.0.0.0.0" } } }, { "category": "product_version", "name": "3.1.0.0.0", "product": { "name": "Oracle Financial Services Applications 3.1.0.0.0", "product_id": "T034166", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:3.1.0.0.0" } } }, { "category": "product_version", "name": "4.0.0.0", "product": { "name": "Oracle Financial Services Applications 4.0.0.0", "product_id": "T034167", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:4.0.0.0" } } }, { "category": "product_version", "name": "5.0.0.0", "product": { "name": "Oracle Financial Services Applications 5.0.0.0", "product_id": "T034168", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:5.0.0.0" } } } ], "category": "product_name", "name": "Financial Services Applications" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-31160", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2022-31160" }, { "cve": "CVE-2022-46337", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2022-46337" }, { "cve": "CVE-2023-2618", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-2618" }, { "cve": "CVE-2023-33201", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-33201" }, { "cve": "CVE-2023-42503", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-42503" }, { "cve": "CVE-2023-44271", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-44271" }, { "cve": "CVE-2023-44483", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-44483" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-44981", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-44981" }, { "cve": "CVE-2023-46589", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-46589" }, { "cve": "CVE-2023-46604", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-46604" }, { "cve": "CVE-2023-5072", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-5072" }, { "cve": "CVE-2024-23635", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-23635" }, { "cve": "CVE-2024-26308", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028693", "T028694", "T034159", "T034165", "T034164", "T034163", "T034162", "T032111", "T034168", "T034167", "T034166", "T034161", "T023930", "T034160", "T023931", "T023932", "T028702", "T028697", "T028695", "T028696" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-26308" } ] }
wid-sec-w-2024-0107
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Communications Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0107 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0107.json" }, { "category": "self", "summary": "WID-SEC-2024-0107 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0107" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Communications Applications vom 2024-01-16", "url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixCAGBU" } ], "source_lang": "en-US", "title": "Oracle Communications Applications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-16T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:56:42.860+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0107", "initial_release_date": "2024-01-16T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-16T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Communications Applications 7.4.0", "product": { "name": "Oracle Communications Applications 7.4.0", "product_id": "T018938", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:7.4.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications 7.4.1", "product": { "name": "Oracle Communications Applications 7.4.1", "product_id": "T018939", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:7.4.1" } } }, { "category": "product_name", "name": "Oracle Communications Applications 7.4.2", "product": { "name": "Oracle Communications Applications 7.4.2", "product_id": "T018940", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:7.4.2" } } }, { "category": "product_name", "name": "Oracle Communications Applications 6.0.1.0.0", "product": { "name": "Oracle Communications Applications 6.0.1.0.0", "product_id": "T021634", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:6.0.1.0.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications 7.5.0", "product": { "name": "Oracle Communications Applications 7.5.0", "product_id": "T021639", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:7.5.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications 7.4", "product": { "name": "Oracle Communications Applications 7.4", "product_id": "T022811", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:7.4" } } }, { "category": "product_name", "name": "Oracle Communications Applications \u003c= 12.0.6.0.0", "product": { "name": "Oracle Communications Applications \u003c= 12.0.6.0.0", "product_id": "T027325", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:12.0.6.0.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications \u003c= 12.0.0.8.0", "product": { "name": "Oracle Communications Applications \u003c= 12.0.0.8.0", "product_id": "T028669", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:12.0.0.8.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications 3.0.3.2", "product": { "name": "Oracle Communications Applications 3.0.3.2", "product_id": "T028670", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:3.0.3.2" } } }, { "category": "product_name", "name": "Oracle Communications Applications 10.0.1.7.0", "product": { "name": "Oracle Communications Applications 10.0.1.7.0", "product_id": "T028674", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:10.0.1.7.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications 7.4.0.7.0", "product": { "name": "Oracle Communications Applications 7.4.0.7.0", "product_id": "T028676", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:7.4.0.7.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications 7.4.1.5.0", "product": { "name": "Oracle Communications Applications 7.4.1.5.0", "product_id": "T028677", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:7.4.1.5.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications 7.4.2.8.0", "product": { "name": "Oracle Communications Applications 7.4.2.8.0", "product_id": "T028678", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:7.4.2.8.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications 6.3.1.0.0", "product": { "name": "Oracle Communications Applications 6.3.1.0.0", "product_id": "T030578", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:6.3.1.0.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications \u003c= 12.0.0.8", "product": { "name": "Oracle Communications Applications \u003c= 12.0.0.8", "product_id": "T030579", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:12.0.0.8" } } }, { "category": "product_name", "name": "Oracle Communications Applications \u003c= 6.0.3", "product": { "name": "Oracle Communications Applications \u003c= 6.0.3", "product_id": "T030581", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:6.0.3" } } }, { "category": "product_name", "name": "Oracle Communications Applications \u003c= 12.0.0.7", "product": { "name": "Oracle Communications Applications \u003c= 12.0.0.7", "product_id": "T032083", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:12.0.0.7" } } }, { "category": "product_name", "name": "Oracle Communications Applications 15.0.0.0.0", "product": { "name": "Oracle Communications Applications 15.0.0.0.0", "product_id": "T032084", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:15.0.0.0.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications 3.0.3.3", "product": { "name": "Oracle Communications Applications 3.0.3.3", "product_id": "T032085", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:3.0.3.3" } } }, { "category": "product_name", "name": "Oracle Communications Applications 8.1.0.24.0", "product": { "name": "Oracle Communications Applications 8.1.0.24.0", "product_id": "T032086", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:8.1.0.24.0" } } }, { "category": "product_name", "name": "Oracle Communications Applications \u003c= 5.5.19", "product": { "name": "Oracle Communications Applications \u003c= 5.5.19", "product_id": "T032087", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications_applications:5.5.19" } } } ], "category": "product_name", "name": "Communications Applications" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-5072", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-5072" }, { "cve": "CVE-2023-45648", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-45648" }, { "cve": "CVE-2023-44981", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44981" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-44483", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44483" }, { "cve": "CVE-2023-42794", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-42794" }, { "cve": "CVE-2023-42503", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-42503" }, { "cve": "CVE-2023-37536", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-37536" }, { "cve": "CVE-2023-34981", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-34981" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-33201", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-33201" }, { "cve": "CVE-2023-31122", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-31122" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-28823", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-28823" }, { "cve": "CVE-2023-25194", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-25194" }, { "cve": "CVE-2023-20883", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-20883" }, { "cve": "CVE-2022-45868", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-45868" }, { "cve": "CVE-2022-42920", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-42920" }, { "cve": "CVE-2022-36944", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-36944" }, { "cve": "CVE-2022-31160", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-31160" }, { "cve": "CVE-2022-31147", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-31147" }, { "cve": "CVE-2022-1471", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-1471" }, { "cve": "CVE-2021-4104", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2021-4104" }, { "cve": "CVE-2021-37533", "notes": [ { "category": "description", "text": "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028670", "T030578", "T032085", "T032086", "T021639", "T032084", "T022811", "T018940", "T021634", "T028677", "T018938", "T028678", "T018939", "T028676", "T028674" ], "last_affected": [ "T030579", "T028669", "T032083", "T027325", "T030581", "T032087" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2021-37533" } ] }
wid-sec-w-2024-0106
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0106 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0106.json" }, { "category": "self", "summary": "WID-SEC-2024-0106 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0106" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Communications vom 2024-01-16", "url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixCGBU" } ], "source_lang": "en-US", "title": "Oracle Communications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-16T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:56:41.972+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0106", "initial_release_date": "2024-01-16T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-16T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Communications 5.0", "product": { "name": "Oracle Communications 5.0", "product_id": "T021645", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:5.0" } } }, { "category": "product_name", "name": "Oracle Communications 8.6.0.0", "product": { "name": "Oracle Communications 8.6.0.0", "product_id": "T024970", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:8.6.0.0" } } }, { "category": "product_name", "name": "Oracle Communications 23.1.0", "product": { "name": "Oracle Communications 23.1.0", "product_id": "T027326", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.1.0" } } }, { "category": "product_name", "name": "Oracle Communications 12.6.1.0.0", "product": { "name": "Oracle Communications 12.6.1.0.0", "product_id": "T027338", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:12.6.1.0.0" } } }, { "category": "product_name", "name": "Oracle Communications 23.2.0", "product": { "name": "Oracle Communications 23.2.0", "product_id": "T028682", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.2.0" } } }, { "category": "product_name", "name": "Oracle Communications 5.1", "product": { "name": "Oracle Communications 5.1", "product_id": "T028684", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:5.1" } } }, { "category": "product_name", "name": "Oracle Communications 23.1.3", "product": { "name": "Oracle Communications 23.1.3", "product_id": "T030584", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.1.3" } } }, { "category": "product_name", "name": "Oracle Communications 23.2.1", "product": { "name": "Oracle Communications 23.2.1", "product_id": "T030585", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.2.1" } } }, { "category": "product_name", "name": "Oracle Communications 23.3.0", "product": { "name": "Oracle Communications 23.3.0", "product_id": "T030586", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.3.0" } } }, { "category": "product_name", "name": "Oracle Communications 9.0.0.0", "product": { "name": "Oracle Communications 9.0.0.0", "product_id": "T030589", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:9.0.0.0" } } }, { "category": "product_name", "name": "Oracle Communications 23.3.1", "product": { "name": "Oracle Communications 23.3.1", "product_id": "T032088", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.3.1" } } }, { "category": "product_name", "name": "Oracle Communications \u003c= 9.0.2.0.1", "product": { "name": "Oracle Communications \u003c= 9.0.2.0.1", "product_id": "T032089", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:9.0.2.0.1" } } }, { "category": "product_name", "name": "Oracle Communications 15.0.0.0.0", "product": { "name": "Oracle Communications 15.0.0.0.0", "product_id": "T032090", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:15.0.0.0.0" } } }, { "category": "product_name", "name": "Oracle Communications 23.4.0", "product": { "name": "Oracle Communications 23.4.0", "product_id": "T032091", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.4.0" } } }, { "category": "product_name", "name": "Oracle Communications 23.1.4", "product": { "name": "Oracle Communications 23.1.4", "product_id": "T032092", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.1.4" } } }, { "category": "product_name", "name": "Oracle Communications 23.2.0.0.2", "product": { "name": "Oracle Communications 23.2.0.0.2", "product_id": "T032093", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.2.0.0.2" } } }, { "category": "product_name", "name": "Oracle Communications 23.3.0.0.0", "product": { "name": "Oracle Communications 23.3.0.0.0", "product_id": "T032094", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.3.0.0.0" } } } ], "category": "product_name", "name": "Communications" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-5072", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-5072" }, { "cve": "CVE-2023-50164", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-50164" }, { "cve": "CVE-2023-4911", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-4911" }, { "cve": "CVE-2023-46604", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-46604" }, { "cve": "CVE-2023-46589", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-46589" }, { "cve": "CVE-2023-45648", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-45648" }, { "cve": "CVE-2023-45145", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-45145" }, { "cve": "CVE-2023-44981", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44981" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-44483", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44483" }, { "cve": "CVE-2023-43496", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-43496" }, { "cve": "CVE-2023-41053", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-41053" }, { "cve": "CVE-2023-40167", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-40167" }, { "cve": "CVE-2023-38325", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-38325" }, { "cve": "CVE-2023-37536", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-37536" }, { "cve": "CVE-2023-36478", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-36478" }, { "cve": "CVE-2023-34055", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-34055" }, { "cve": "CVE-2023-34053", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-34053" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-33201", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-33201" }, { "cve": "CVE-2023-31582", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-31582" }, { "cve": "CVE-2023-31486", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-31486" }, { "cve": "CVE-2023-30861", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-30861" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-2283", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-2283" }, { "cve": "CVE-2023-22102", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-22102" }, { "cve": "CVE-2023-1108", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-1108" }, { "cve": "CVE-2022-48174", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-48174" }, { "cve": "CVE-2022-46751", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-46751" }, { "cve": "CVE-2021-46848", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T030585", "T030584", "T030586", "T030589", "T032094", "T032088", "T032092", "T032093", "T032090", "T021645", "T032091", "T027326", "T024970", "T027338", "T028684" ], "last_affected": [ "T032089" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2021-46848" } ] }
wid-sec-w-2024-0124
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Financial Services ist eine Zusammenstellung von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0124 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0124.json" }, { "category": "self", "summary": "WID-SEC-2024-0124 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0124" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Financial Services Applications vom 2024-01-16", "url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixIFLX" } ], "source_lang": "en-US", "title": "Oracle Financial Services Applications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-16T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:56:56.463+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0124", "initial_release_date": "2024-01-16T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-16T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Financial Services Applications 2.7.1", "product": { "name": "Oracle Financial Services Applications 2.7.1", "product_id": "T018979", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:2.7.1" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 2.8.0", "product": { "name": "Oracle Financial Services Applications 2.8.0", "product_id": "T018980", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:2.8.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 2.9.0", "product": { "name": "Oracle Financial Services Applications 2.9.0", "product_id": "T018981", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:2.9.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.1.0", "product": { "name": "Oracle Financial Services Applications 8.1.0", "product_id": "T018983", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.1.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.0.9", "product": { "name": "Oracle Financial Services Applications 8.0.9", "product_id": "T019890", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.0.9" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.1.1", "product": { "name": "Oracle Financial Services Applications 8.1.1", "product_id": "T019891", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.0.7", "product": { "name": "Oracle Financial Services Applications 8.0.7", "product_id": "T021676", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.0.7" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.0.8", "product": { "name": "Oracle Financial Services Applications 8.0.8", "product_id": "T021677", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.1.1.1", "product": { "name": "Oracle Financial Services Applications 8.1.1.1", "product_id": "T022835", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.1" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.0.8.1", "product": { "name": "Oracle Financial Services Applications 8.0.8.1", "product_id": "T022844", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.0.8.2", "product": { "name": "Oracle Financial Services Applications 8.0.8.2", "product_id": "T024990", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.2" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 2.9.1", "product": { "name": "Oracle Financial Services Applications 2.9.1", "product_id": "T027359", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:2.9.1" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.1.2", "product": { "name": "Oracle Financial Services Applications 8.1.2", "product_id": "T028705", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.1.2.5", "product": { "name": "Oracle Financial Services Applications 8.1.2.5", "product_id": "T028706", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.5" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications \u003c= 14.7.0", "product": { "name": "Oracle Financial Services Applications \u003c= 14.7.0", "product_id": "T028707", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 22.1.0", "product": { "name": "Oracle Financial Services Applications 22.1.0", "product_id": "T032101", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:22.1.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 22.2.0", "product": { "name": "Oracle Financial Services Applications 22.2.0", "product_id": "T032102", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:22.2.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 21.1.0", "product": { "name": "Oracle Financial Services Applications 21.1.0", "product_id": "T032103", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:21.1.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 8.1.2.6", "product": { "name": "Oracle Financial Services Applications 8.1.2.6", "product_id": "T032104", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.6" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 19.1.0", "product": { "name": "Oracle Financial Services Applications 19.1.0", "product_id": "T032105", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:19.1.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 5.0.0", "product": { "name": "Oracle Financial Services Applications 5.0.0", "product_id": "T032106", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:5.0.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 5.1.0", "product": { "name": "Oracle Financial Services Applications 5.1.0", "product_id": "T032107", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:5.1.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications \u003c= 3.2.0", "product": { "name": "Oracle Financial Services Applications \u003c= 3.2.0", "product_id": "T032108", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:3.2.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 4.0.0", "product": { "name": "Oracle Financial Services Applications 4.0.0", "product_id": "T032109", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:4.0.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 6.0.0", "product": { "name": "Oracle Financial Services Applications 6.0.0", "product_id": "T032110", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:6.0.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 14.7.0.3.0", "product": { "name": "Oracle Financial Services Applications 14.7.0.3.0", "product_id": "T032111", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.3.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 3.0.0", "product": { "name": "Oracle Financial Services Applications 3.0.0", "product_id": "T032112", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:3.0.0" } } }, { "category": "product_name", "name": "Oracle Financial Services Applications 3.1.0", "product": { "name": "Oracle Financial Services Applications 3.1.0", "product_id": "T032113", "product_identification_helper": { "cpe": "cpe:/a:oracle:financial_services_applications:3.1.0" } } } ], "category": "product_name", "name": "Financial Services Applications" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-5072", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-5072" }, { "cve": "CVE-2023-46604", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-46604" }, { "cve": "CVE-2023-44483", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44483" }, { "cve": "CVE-2023-42503", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-42503" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-33201", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-33201" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-2618", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-2618" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-24998" }, { "cve": "CVE-2023-21901", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-21901" }, { "cve": "CVE-2023-1436", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-1436" }, { "cve": "CVE-2023-1370", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-1370" }, { "cve": "CVE-2022-44729", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-44729" }, { "cve": "CVE-2022-42920", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-42920" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-36944", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-36944" }, { "cve": "CVE-2022-36033", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-36033" }, { "cve": "CVE-2022-34169", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-34169" }, { "cve": "CVE-2022-31692", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-31692" }, { "cve": "CVE-2022-31160", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-31160" }, { "cve": "CVE-2022-25147", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-25147" }, { "cve": "CVE-2022-22979", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-22979" }, { "cve": "CVE-2022-22969", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-22969" }, { "cve": "CVE-2020-5410", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2020-5410" }, { "cve": "CVE-2020-15250", "notes": [ { "category": "description", "text": "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032104", "T032105", "T032102", "T032103", "T032109", "T032106", "T032107", "T019890", "T019891", "T032101", "T018980", "T018981", "T021677", "T022844", "T018983", "T021676", "T028705", "T028706", "T027359", "T032113", "T032111", "T032112", "T032110", "T022835", "T018979", "T024990" ], "last_affected": [ "T028707", "T032108" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2020-15250" } ] }
wid-sec-w-2024-0893
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-04-16 22:00
Summary
Oracle PeopleSoft: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle PeopleSoft ist eine ERP Anwendung.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle PeopleSoft ist eine ERP Anwendung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0893 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0893.json" }, { "category": "self", "summary": "WID-SEC-2024-0893 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0893" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle PeopleSoft vom 2024-04-16", "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixPS" } ], "source_lang": "en-US", "title": "Oracle PeopleSoft: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-16T22:00:00.000+00:00", "generator": { "date": "2024-04-17T10:37:18.178+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0893", "initial_release_date": "2024-04-16T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-16T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "9.2", "product": { "name": "Oracle PeopleSoft 9.2", "product_id": "T019030", "product_identification_helper": { "cpe": "cpe:/a:oracle:peoplesoft:9.2" } } }, { "category": "product_version", "name": "8.59", "product": { "name": "Oracle PeopleSoft 8.59", "product_id": "T019905", "product_identification_helper": { "cpe": "cpe:/a:oracle:peoplesoft:8.59" } } }, { "category": "product_version", "name": "8.6", "product": { "name": "Oracle PeopleSoft 8.60", "product_id": "T025008", "product_identification_helper": { "cpe": "cpe:/a:oracle:peoplesoft:8.60" } } }, { "category": "product_version", "name": "8.61", "product": { "name": "Oracle PeopleSoft 8.61", "product_id": "T032124", "product_identification_helper": { "cpe": "cpe:/a:oracle:peoplesoft:8.61" } } } ], "category": "product_name", "name": "PeopleSoft" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-37533", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019030", "T019905" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2021-37533" }, { "cve": "CVE-2022-24613", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019030", "T019905" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2022-24613" }, { "cve": "CVE-2023-38545", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019030", "T019905" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-38545" }, { "cve": "CVE-2023-4043", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019030", "T019905" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-4043" }, { "cve": "CVE-2023-44483", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019030", "T019905" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-44483" }, { "cve": "CVE-2023-4807", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019030", "T019905" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-4807" }, { "cve": "CVE-2024-21063", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019030", "T019905" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-21063" }, { "cve": "CVE-2024-21065", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019030", "T019905" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-21065" }, { "cve": "CVE-2024-21070", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019030", "T019905" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-21070" }, { "cve": "CVE-2024-21097", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019030", "T019905" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-21097" } ] }
wid-sec-w-2024-0190
Vulnerability from csaf_certbund
Published
2024-01-24 23:00
Modified
2024-01-24 23:00
Summary
IBM Security Guardium: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM Security Guardium ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Security Guardium ist eine L\u00f6sung f\u00fcr die \u00dcberwachung und Auditierung des Datenzugriffs.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM Security Guardium ausnutzen, um Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0190 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0190.json" }, { "category": "self", "summary": "WID-SEC-2024-0190 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0190" }, { "category": "external", "summary": "IBM Security Advisory vom 2024-01-24", "url": "https://www.ibm.com/support/pages/node/7111621" } ], "source_lang": "en-US", "title": "IBM Security Guardium: Schwachstelle erm\u00f6glicht Offenlegung von Informationen", "tracking": { "current_release_date": "2024-01-24T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:57:49.172+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0190", "initial_release_date": "2024-01-24T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-24T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Security Guardium \u003c 11.4", "product": { "name": "IBM Security Guardium \u003c 11.4", "product_id": "T032333", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:11.4" } } }, { "category": "product_name", "name": "IBM Security Guardium \u003c 11.5", "product": { "name": "IBM Security Guardium \u003c 11.5", "product_id": "T032334", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:11.5" } } }, { "category": "product_name", "name": "IBM Security Guardium \u003c 12.0", "product": { "name": "IBM Security Guardium \u003c 12.0", "product_id": "T032335", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:12.0" } } } ], "category": "product_name", "name": "Security Guardium" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-44483", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Security Guardium. Dieser Fehler besteht in der Komponente Apache Santuario aufgrund der Speicherung eines privaten Schl\u00fcssels in den Protokolldateien bei Verwendung der JSR 105 API. Durch den Zugriff auf die Protokolldateien kann ein entfernter, authentifizierter Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." } ], "release_date": "2024-01-24T23:00:00Z", "title": "CVE-2023-44483" } ] }
wid-sec-w-2024-0118
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle PeopleSoft: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle PeopleSoft ist eine ERP Anwendung.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle PeopleSoft ist eine ERP Anwendung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0118 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0118.json" }, { "category": "self", "summary": "WID-SEC-2024-0118 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0118" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle PeopleSoft vom 2024-01-16", "url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixPS" } ], "source_lang": "en-US", "title": "Oracle PeopleSoft: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-16T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:56:51.503+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0118", "initial_release_date": "2024-01-16T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-16T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle PeopleSoft 8.59", "product": { "name": "Oracle PeopleSoft 8.59", "product_id": "T019905", "product_identification_helper": { "cpe": "cpe:/a:oracle:peoplesoft:8.59" } } }, { "category": "product_name", "name": "Oracle PeopleSoft 8.60", "product": { "name": "Oracle PeopleSoft 8.60", "product_id": "T025008", "product_identification_helper": { "cpe": "cpe:/a:oracle:peoplesoft:8.60" } } }, { "category": "product_name", "name": "Oracle PeopleSoft 8.61", "product": { "name": "Oracle PeopleSoft 8.61", "product_id": "T032124", "product_identification_helper": { "cpe": "cpe:/a:oracle:peoplesoft:8.61" } } } ], "category": "product_name", "name": "PeopleSoft" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-5072", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019905" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-5072" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019905" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-44483", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019905" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44483" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T032124", "T025008", "T019905" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-2976" } ] }
wid-sec-w-2024-0123
Vulnerability from csaf_certbund
Published
2024-01-16 23:00
Modified
2024-01-16 23:00
Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0123 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0123.json" }, { "category": "self", "summary": "WID-SEC-2024-0123 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0123" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2024 - Appendix Oracle Fusion Middleware vom 2024-01-16", "url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixFMW" } ], "source_lang": "en-US", "title": "Oracle Fusion Middleware: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-16T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:56:55.587+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0123", "initial_release_date": "2024-01-16T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-16T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Fusion Middleware 12.2.1.4.0", "product": { "name": "Oracle Fusion Middleware 12.2.1.4.0", "product_id": "751674", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 14.1.1.0.0", "product": { "name": "Oracle Fusion Middleware 14.1.1.0.0", "product_id": "829576", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 8.5.6", "product": { "name": "Oracle Fusion Middleware 8.5.6", "product_id": "T024993", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:8.5.6" } } } ], "category": "product_name", "name": "Fusion Middleware" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-20986", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2024-20986" }, { "cve": "CVE-2024-20931", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2024-20931" }, { "cve": "CVE-2024-20930", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2024-20930" }, { "cve": "CVE-2024-20928", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2024-20928" }, { "cve": "CVE-2024-20927", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2024-20927" }, { "cve": "CVE-2024-20908", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2024-20908" }, { "cve": "CVE-2023-5072", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-5072" }, { "cve": "CVE-2023-49093", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-49093" }, { "cve": "CVE-2023-46604", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-46604" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-44483", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-44483" }, { "cve": "CVE-2023-43643", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-43643" }, { "cve": "CVE-2023-42503", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-42503" }, { "cve": "CVE-2023-39410", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-39410" }, { "cve": "CVE-2023-38545", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-38545" }, { "cve": "CVE-2023-3817", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-3817" }, { "cve": "CVE-2023-3635", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-3635" }, { "cve": "CVE-2023-33201", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-33201" }, { "cve": "CVE-2023-32697", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-32697" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-21949", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2023-21949" }, { "cve": "CVE-2022-44729", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-44729" }, { "cve": "CVE-2022-23221", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2022-23221" }, { "cve": "CVE-2021-37533", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2021-37533" }, { "cve": "CVE-2021-36090", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2021-36090" }, { "cve": "CVE-2021-33813", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2021-33813" }, { "cve": "CVE-2021-0341", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2021-0341" }, { "cve": "CVE-2020-5421", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "751674", "829576" ] }, "release_date": "2024-01-16T23:00:00Z", "title": "CVE-2020-5421" } ] }
wid-sec-w-2024-0311
Vulnerability from csaf_certbund
Published
2024-02-06 23:00
Modified
2024-06-06 22:00
Summary
Red Hat JBoss A-MQ: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss A-MQ ist eine Messaging-Plattform.
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ und Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen oder beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JBoss A-MQ ist eine Messaging-Plattform.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ und Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen oder beliebigen Programmcode auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0311 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0311.json" }, { "category": "self", "summary": "WID-SEC-2024-0311 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0311" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0804 vom 2024-02-13", "url": "https://access.redhat.com/errata/RHSA-2024:0804" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0799 vom 2024-02-14", "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1192 vom 2024-03-06", "url": "https://access.redhat.com/errata/RHSA-2024:1192" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1194 vom 2024-03-06", "url": "https://access.redhat.com/errata/RHSA-2024:1194" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1193 vom 2024-03-06", "url": "https://access.redhat.com/errata/RHSA-2024:1193" }, { "category": "external", "summary": "RedHat Security Advisory vom 2024-02-06", "url": "https://access.redhat.com/errata/RHSA-2024:0710" }, { "category": "external", "summary": "RedHat Security Advisory vom 2024-02-06", "url": "https://access.redhat.com/errata/RHSA-2024:0711" }, { "category": "external", "summary": "RedHat Security Advisory vom 2024-02-06", "url": "https://access.redhat.com/errata/RHSA-2024:0712" }, { "category": "external", "summary": "RedHat Security Advisory vom 2024-02-06", "url": "https://access.redhat.com/errata/RHSA-2024:0714" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3708 vom 2024-06-06", "url": "https://access.redhat.com/errata/RHSA-2024:3708" } ], "source_lang": "en-US", "title": "Red Hat JBoss A-MQ: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-06-06T22:00:00.000+00:00", "generator": { "date": "2024-06-07T08:08:55.434+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0311", "initial_release_date": "2024-02-06T23:00:00.000+00:00", "revision_history": [ { "date": "2024-02-06T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-02-13T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-03-06T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-06T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_version", "name": "7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "T006054", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7" } } }, { "category": "product_version", "name": "9", "product": { "name": "Red Hat Enterprise Linux 9", "product_id": "T030908", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:9" } } }, { "category": "product_version", "name": "8", "product": { "name": "Red Hat Enterprise Linux 8", "product_id": "T031155", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "Camel for Spring Boot 1", "product": { "name": "Red Hat Integration Camel for Spring Boot 1", "product_id": "T035240", "product_identification_helper": { "cpe": "cpe:/a:redhat:integration:camel_for_spring_boot_1" } } } ], "category": "product_name", "name": "Integration" }, { "branches": [ { "category": "product_version_range", "name": "\u003c7.4.15", "product": { "name": "Red Hat JBoss A-MQ \u003c7.4.15", "product_id": "T032534", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_amq:7.4.15" } } } ], "category": "product_name", "name": "JBoss A-MQ" }, { "branches": [ { "category": "product_version_range", "name": "\u003c8.0.1", "product": { "name": "Red Hat JBoss Enterprise Application Platform \u003c8.0.1", "product_id": "T033272", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0.1" } } } ], "category": "product_name", "name": "JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-44483", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ und Red Hat Enterprise Linux. Diese besteht in der Komponente \"Apache Santuario - XML Security\" und ist auf einen Fehler in der \"JSR 105\" API zur\u00fcckzuf\u00fchren, welcher einen privaten Schl\u00fcssel m\u00f6glicherweise in die Logdateien schreibt. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T030908", "67646", "T033272", "T035240", "T006054", "T031155" ] }, "release_date": "2024-02-06T23:00:00Z", "title": "CVE-2023-44483" }, { "cve": "CVE-2023-4759", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Diese besteht in der Komponente \"Eclipse JGit\" und ist darauf zur\u00fcckzuf\u00fchren, dass mithilfe eines Symbolic Links au\u00dferhalb des Arbeitsverzeichnisses geschrieben werden kann. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T033272", "T035240" ] }, "release_date": "2024-02-06T23:00:00Z", "title": "CVE-2023-4759" } ] }
gsd-2023-44483
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-44483", "id": "GSD-2023-44483" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-44483" ], "details": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "id": "GSD-2023-44483", "modified": "2023-12-13T01:20:38.630756Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2023-44483", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Santuario", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.2", "version_value": "2.2.6" }, { "version_affected": "\u003c", "version_name": "2.3", "version_value": "2.3.4" }, { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.3" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credits": [ { "lang": "en", "value": "Apache Santuario would like to thank Max Fichtelmann for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-532", "lang": "eng", "value": "CWE-532 Insertion of Sensitive Information into Log File" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "refsource": "MISC", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" }, { "name": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" } ] }, "source": { "discovery": "EXTERNAL" } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3.4", "versionStartIncluding": "2.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.3", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2023-44483" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-532" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "refsource": "MISC", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" }, { "name": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "refsource": "MISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, "lastModifiedDate": "2023-10-27T18:49Z", "publishedDate": "2023-10-20T10:15Z" } } }
rhsa-2024_0800
Vulnerability from csaf_redhat
Published
2024-02-13 16:55
Modified
2024-11-06 05:02
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.7 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)
* open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0800", "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "2249673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "category": "external", "summary": "2251407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "category": "external", "summary": "2255027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0800.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 9", "tracking": { "current_release_date": "2024-11-06T05:02:00+00:00", "generator": { "date": "2024-11-06T05:02:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0800", "initial_release_date": "2024-02-13T16:55:27+00:00", "revision_history": [ { "date": "2024-02-13T16:55:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-13T16:55:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T05:02:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el9sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.12-1.redhat_00001.1.el9sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-2976", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2023-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215229" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: insecure temporary directory creation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2976" }, { "category": "external", "summary": "RHBZ#2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976" } ], "release_date": "2023-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:27+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "category": "workaround", "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "guava: insecure temporary directory creation" }, { "acknowledgments": [ { "names": [ "Lauritz Holtmann" ], "organization": "https://security.lauritz-holtmann.de/" } ], "cve": "CVE-2023-6134", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2249673" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6134" }, { "category": "external", "summary": "RHBZ#2249673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6134" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134" } ], "release_date": "2023-11-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:27+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0800" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri" }, { "cve": "CVE-2023-6291", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-11-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2251407" } ], "notes": [ { "category": "description", "text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: redirect_uri validation bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6291" }, { "category": "external", "summary": "RHBZ#2251407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6291" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291" } ], "release_date": "2023-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:27+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: redirect_uri validation bypass" }, { "cve": "CVE-2023-6484", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2023-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2248423" } ], "notes": [ { "category": "description", "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Log Injection during WebAuthn authentication or registration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "category": "external", "summary": "RHBZ#2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" } ], "release_date": "2023-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:27+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0800" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Log Injection during WebAuthn authentication or registration" }, { "acknowledgments": [ { "names": [ "Pontus Hanssen" ], "organization": "Pontus.Hanssen@omegapoint.se" } ], "cve": "CVE-2023-6927", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-12-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2255027" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6927" }, { "category": "external", "summary": "RHBZ#2255027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6927" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:27+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode" }, { "cve": "CVE-2023-26048", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236340" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26048" }, { "category": "external", "summary": "RHBZ#2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:27+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0800" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()" }, { "cve": "CVE-2023-26049", "cwe": { "id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236341" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26049" }, { "category": "external", "summary": "RHBZ#2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:27+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0800" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:27+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0800" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" } ] }
rhsa-2024_0804
Vulnerability from csaf_redhat
Published
2024-02-13 17:07
Modified
2024-11-06 05:01
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.7 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)
* open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0804", "url": "https://access.redhat.com/errata/RHSA-2024:0804" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "2249673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "category": "external", "summary": "2251407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "category": "external", "summary": "2255027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0804.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update", "tracking": { "current_release_date": "2024-11-06T05:01:50+00:00", "generator": { "date": "2024-11-06T05:01:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0804", "initial_release_date": "2024-02-13T17:07:54+00:00", "revision_history": [ { "date": "2024-02-13T17:07:54+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-13T17:07:54+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T05:01:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7", "product": { "name": "Red Hat Single Sign-On 7", "product_id": "Red Hat Single Sign-On 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-2976", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2023-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215229" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: insecure temporary directory creation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2976" }, { "category": "external", "summary": "RHBZ#2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976" } ], "release_date": "2023-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T17:07:54+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0804" }, { "category": "workaround", "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "guava: insecure temporary directory creation" }, { "acknowledgments": [ { "names": [ "Lauritz Holtmann" ], "organization": "https://security.lauritz-holtmann.de/" } ], "cve": "CVE-2023-6134", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2249673" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6134" }, { "category": "external", "summary": "RHBZ#2249673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6134" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134" } ], "release_date": "2023-11-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T17:07:54+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0804" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri" }, { "cve": "CVE-2023-6291", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-11-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2251407" } ], "notes": [ { "category": "description", "text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: redirect_uri validation bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6291" }, { "category": "external", "summary": "RHBZ#2251407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6291" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291" } ], "release_date": "2023-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T17:07:54+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0804" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: redirect_uri validation bypass" }, { "cve": "CVE-2023-6484", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2023-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2248423" } ], "notes": [ { "category": "description", "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Log Injection during WebAuthn authentication or registration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "category": "external", "summary": "RHBZ#2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" } ], "release_date": "2023-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T17:07:54+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0804" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Log Injection during WebAuthn authentication or registration" }, { "acknowledgments": [ { "names": [ "Pontus Hanssen" ], "organization": "Pontus.Hanssen@omegapoint.se" } ], "cve": "CVE-2023-6927", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-12-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2255027" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6927" }, { "category": "external", "summary": "RHBZ#2255027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6927" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T17:07:54+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0804" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode" }, { "cve": "CVE-2023-26048", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236340" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26048" }, { "category": "external", "summary": "RHBZ#2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T17:07:54+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0804" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()" }, { "cve": "CVE-2023-26049", "cwe": { "id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236341" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26049" }, { "category": "external", "summary": "RHBZ#2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T17:07:54+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0804" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T17:07:54+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0804" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" } ] }
rhsa-2024_3708
Vulnerability from csaf_redhat
Published
2024-06-06 16:42
Modified
2024-11-06 06:06
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.6 for Spring Boot security update.
Notes
Topic
Red Hat build of Apache Camel 3.20.6 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat build of Apache Camel 3.20.6 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* xalan: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169)
* jettison: stack overflow in JSONObject() allows attackers to cause a Denial of Service (DoS) via crafted JSON data (CVE-2022-45685)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* springframework: URL Parsing with Host Validation (CVE-2024-22262)
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat build of Apache Camel 3.20.6 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat build of Apache Camel 3.20.6 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* xalan: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169)\n\n* jettison: stack overflow in JSONObject() allows attackers to cause a Denial of Service (DoS) via crafted JSON data (CVE-2022-45685)\n\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n\n* springframework: URL Parsing with Host Validation (CVE-2024-22262)\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3708", "url": "https://access.redhat.com/errata/RHSA-2024:3708" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2108554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554" }, { "category": "external", "summary": "2214825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214825" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "2270732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732" }, { "category": "external", "summary": "2275257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275257" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3708.json" } ], "title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.6 for Spring Boot security update.", "tracking": { "current_release_date": "2024-11-06T06:06:32+00:00", "generator": { "date": "2024-11-06T06:06:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:3708", "initial_release_date": "2024-06-06T16:42:04+00:00", "revision_history": [ { "date": "2024-06-06T16:42:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-06T16:42:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T06:06:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat build of Apache Camel 3.20.6 for Spring Boot", "product": { "name": "Red Hat build of Apache Camel 3.20.6 for Spring Boot", "product_id": "Red Hat build of Apache Camel 3.20.6 for Spring Boot", "product_identification_helper": { "cpe": "cpe:/a:redhat:apache_camel_spring_boot:3.20.6" } } } ], "category": "product_family", "name": "Red Hat Build of Apache Camel" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-34169", "cwe": { "id": "CWE-192", "name": "Integer Coercion Error" }, "discovery_date": "2022-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2108554" } ], "notes": [ { "category": "description", "text": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-34169" }, { "category": "external", "summary": "RHBZ#2108554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-34169", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169" } ], "release_date": "2022-07-19T20:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-06T16:42:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3708" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)" }, { "cve": "CVE-2022-45685", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2023-06-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2214825" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison. Sending a specially crafted string can cause a stack-based buffer overflow. This issue may allow a remote attacker to cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: stack overflow in JSONObject() allows attackers to cause a Denial of Service (DoS) via crafted JSON data", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate. A successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45685" }, { "category": "external", "summary": "RHBZ#2214825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214825" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45685", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45685" } ], "release_date": "2022-12-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-06T16:42:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3708" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: stack overflow in JSONObject() allows attackers to cause a Denial of Service (DoS) via crafted JSON data" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-06T16:42:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3708" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" }, { "cve": "CVE-2024-22262", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2275257" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Spring Framework. Applications that use UriComponentsBuilder to parse an externally provided URL, for example, through a query parameter, and perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or an SSRF attack if the URL is used after passing validation checks.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: URL Parsing with Host Validation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 does not use the affected function, but the function is still available for user convenience which demands one to validate the input.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22262" }, { "category": "external", "summary": "RHBZ#2275257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275257" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22262", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22262" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262" }, { "category": "external", "summary": "https://spring.io/security/cve-2024-22262", "url": "https://spring.io/security/cve-2024-22262" } ], "release_date": "2024-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-06T16:42:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3708" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "springframework: URL Parsing with Host Validation" }, { "cve": "CVE-2024-28752", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270732" } ], "notes": [ { "category": "description", "text": "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28752" }, { "category": "external", "summary": "RHBZ#2270732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28752", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", "url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-qmgx-j96g-4428", "url": "https://github.com/advisories/GHSA-qmgx-j96g-4428" } ], "release_date": "2024-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-06T16:42:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3708" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", "product_ids": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 3.20.6 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding" } ] }
rhsa-2024_0711
Vulnerability from csaf_redhat
Published
2024-02-07 08:38
Modified
2024-11-06 04:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jgit: arbitrary file overwrite (CVE-2023-4759)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jgit: arbitrary file overwrite (CVE-2023-4759)\n\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0711", "url": "https://access.redhat.com/errata/RHSA-2024:0711" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2238614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238614" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "JBEAP-25375", "url": "https://issues.redhat.com/browse/JBEAP-25375" }, { "category": "external", "summary": "JBEAP-25616", "url": "https://issues.redhat.com/browse/JBEAP-25616" }, { "category": "external", "summary": "JBEAP-25785", "url": "https://issues.redhat.com/browse/JBEAP-25785" }, { "category": "external", "summary": "JBEAP-25944", "url": "https://issues.redhat.com/browse/JBEAP-25944" }, { "category": "external", "summary": "JBEAP-26013", "url": "https://issues.redhat.com/browse/JBEAP-26013" }, { "category": "external", "summary": "JBEAP-26021", "url": "https://issues.redhat.com/browse/JBEAP-26021" }, { "category": "external", "summary": "JBEAP-26025", "url": "https://issues.redhat.com/browse/JBEAP-26025" }, { "category": "external", "summary": "JBEAP-26049", "url": "https://issues.redhat.com/browse/JBEAP-26049" }, { "category": "external", "summary": "JBEAP-26051", "url": "https://issues.redhat.com/browse/JBEAP-26051" }, { "category": "external", "summary": "JBEAP-26101", "url": "https://issues.redhat.com/browse/JBEAP-26101" }, { "category": "external", "summary": "JBEAP-26115", "url": "https://issues.redhat.com/browse/JBEAP-26115" }, { "category": "external", "summary": "JBEAP-26159", "url": "https://issues.redhat.com/browse/JBEAP-26159" }, { "category": "external", "summary": "JBEAP-26164", "url": "https://issues.redhat.com/browse/JBEAP-26164" }, { "category": "external", "summary": "JBEAP-26169", "url": "https://issues.redhat.com/browse/JBEAP-26169" }, { "category": "external", "summary": "JBEAP-26266", "url": "https://issues.redhat.com/browse/JBEAP-26266" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0711.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update", "tracking": { "current_release_date": "2024-11-06T04:56:41+00:00", "generator": { "date": "2024-11-06T04:56:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0711", "initial_release_date": "2024-02-07T08:38:29+00:00", "revision_history": [ { "date": "2024-02-07T08:38:29+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-07T08:38:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T04:56:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j2-jboss-logmanager@1.1.2-1.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-spi@3.4.0-4.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.17-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-7.SP08_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.9-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src", "product_id": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.1-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.21-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src", "product_id": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.2.6-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.16-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.1-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-msc@1.4.13-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.17-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.2-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-34.Final_redhat_00033.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-protostream@4.3.6-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.15-2.GA_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.33-2.Final_redhat_00001.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j2-jboss-logmanager@1.1.2-1.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch", "product_id": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-spi@3.4.0-4.Final_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-7.SP08_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.9-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.1-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.21-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.21-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.2.6-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.16-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-msc@1.4.13-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.17-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.2-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-34.Final_redhat_00033.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-34.Final_redhat_00033.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-34.Final_redhat_00033.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-protostream@4.3.6-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.15-2.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.15-2.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.15-2.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.15-2.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.15-2.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.15-2.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.33-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.33-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.33-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.33-2.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.33-2.Final_redhat_00001.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64", "product_id": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.1-1.redhat_00001.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-4759", "discovery_date": "2023-09-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2238614" } ], "notes": [ { "category": "description", "text": "Arbitrary File Overwrite in Eclipse JGit \u003c= 6.6.0\n\nIn Eclipse JGit, all versions \u003c= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\n\nThis can happen on checkout (DirCacheCheckout), merge (ResolveMerger\u00a0via its WorkingTreeUpdater), pull (PullCommand\u00a0using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\n\nThe issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\n\nSetting git configuration option core.symlinks = false\u00a0before checking out avoids the problem.\n\nThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ \u00a0and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r.\n\n\nThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\n\n\n\n", "title": "Vulnerability description" }, { "category": "summary", "text": "jgit: arbitrary file overwrite", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4759" }, { "category": "external", "summary": "RHBZ#2238614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4759", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4759" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759" } ], "release_date": "2023-09-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-07T08:38:29+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0711" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jgit: arbitrary file overwrite" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-07T08:38:29+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0711" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" } ] }
rhsa-2024_0798
Vulnerability from csaf_redhat
Published
2024-02-13 16:55
Modified
2024-11-06 05:01
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.7 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)
* open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0798", "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "2249673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "category": "external", "summary": "2251407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "category": "external", "summary": "2255027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0798.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 7", "tracking": { "current_release_date": "2024-11-06T05:01:16+00:00", "generator": { "date": "2024-11-06T05:01:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0798", "initial_release_date": "2024-02-13T16:55:55+00:00", "revision_history": [ { "date": "2024-02-13T16:55:55+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-13T16:55:55+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T05:01:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.12-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-2976", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2023-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215229" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: insecure temporary directory creation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2976" }, { "category": "external", "summary": "RHBZ#2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976" } ], "release_date": "2023-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:55+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "category": "workaround", "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "guava: insecure temporary directory creation" }, { "acknowledgments": [ { "names": [ "Lauritz Holtmann" ], "organization": "https://security.lauritz-holtmann.de/" } ], "cve": "CVE-2023-6134", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2249673" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6134" }, { "category": "external", "summary": "RHBZ#2249673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6134" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134" } ], "release_date": "2023-11-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:55+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0798" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri" }, { "cve": "CVE-2023-6291", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-11-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2251407" } ], "notes": [ { "category": "description", "text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: redirect_uri validation bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6291" }, { "category": "external", "summary": "RHBZ#2251407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6291" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291" } ], "release_date": "2023-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:55+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: redirect_uri validation bypass" }, { "cve": "CVE-2023-6484", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2023-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2248423" } ], "notes": [ { "category": "description", "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Log Injection during WebAuthn authentication or registration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "category": "external", "summary": "RHBZ#2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" } ], "release_date": "2023-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:55+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0798" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Log Injection during WebAuthn authentication or registration" }, { "acknowledgments": [ { "names": [ "Pontus Hanssen" ], "organization": "Pontus.Hanssen@omegapoint.se" } ], "cve": "CVE-2023-6927", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-12-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2255027" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6927" }, { "category": "external", "summary": "RHBZ#2255027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6927" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:55+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode" }, { "cve": "CVE-2023-26048", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236340" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26048" }, { "category": "external", "summary": "RHBZ#2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:55+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0798" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()" }, { "cve": "CVE-2023-26049", "cwe": { "id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236341" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26049" }, { "category": "external", "summary": "RHBZ#2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:55+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0798" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:55+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0798" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" } ] }
rhsa-2024_0789
Vulnerability from csaf_redhat
Published
2024-02-12 16:02
Modified
2024-11-06 05:01
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 release (RHBQ 3.2.10.Final)
Notes
Topic
An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.10.Final).
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.10.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Security Fix(es):
* parsson: Denial of Service due to large number parsing (CVE-2023-4043)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.10.Final).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.10.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\nSecurity Fix(es):\n\n* parsson: Denial of Service due to large number parsing (CVE-2023-4043)\n\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0789", "url": "https://access.redhat.com/errata/RHSA-2024:0789" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=rhboac\u0026downloadType=distributions\u0026version=4.0.x", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=rhboac\u0026downloadType=distributions\u0026version=4.0.x" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2254594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254594" }, { "category": "external", "summary": "2256063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256063" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0789.json" } ], "title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 release (RHBQ 3.2.10.Final)", "tracking": { "current_release_date": "2024-11-06T05:01:43+00:00", "generator": { "date": "2024-11-06T05:01:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0789", "initial_release_date": "2024-02-12T16:02:02+00:00", "revision_history": [ { "date": "2024-02-12T16:02:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-12T16:02:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T05:01:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)", "product": { "name": "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)", "product_id": "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)", "product_identification_helper": { "cpe": "cpe:/a:redhat:camel_quarkus:3" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-4043", "cwe": { "id": "CWE-834", "name": "Excessive Iteration" }, "discovery_date": "2023-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254594" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service (DoS) due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected.", "title": "Vulnerability description" }, { "category": "summary", "text": "parsson: Denial of Service due to large number parsing", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as an important impact since one needs to process untrusted and if there is no sanitization a Denial of Service (DoS) may happen.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4043" }, { "category": "external", "summary": "RHBZ#2254594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254594" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4043", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4043" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4043", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4043" } ], "release_date": "2023-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T16:02:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0789" }, { "category": "workaround", "details": "Avoid processing untrusted sources content in order to minimize the chance for Denial of Service attack.", "product_ids": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "parsson: Denial of Service due to large number parsing" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T16:02:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0789" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T16:02:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0789" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "cve": "CVE-2023-51074", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2023-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2256063" } ], "notes": [ { "category": "description", "text": "A stack overflow vulnerability was found in the Criteria.parse() method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "json-path: stack-based buffer overflow in Criteria.parse method", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this at maximum of a Moderate impact. When interacting with a server to explore this possible vulnerability, the attacker would be the only one seeing a HTTP 500 error and no other user (or the server entirely) would be vulnerable in a real application scenario with multi-threads.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-51074" }, { "category": "external", "summary": "RHBZ#2256063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256063" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-51074", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51074" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51074" }, { "category": "external", "summary": "https://github.com/json-path/JsonPath/issues/973", "url": "https://github.com/json-path/JsonPath/issues/973" } ], "release_date": "2023-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T16:02:02+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0789" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json-path: stack-based buffer overflow in Criteria.parse method" } ] }
rhsa-2024_0714
Vulnerability from csaf_redhat
Published
2024-02-06 19:55
Modified
2024-11-06 04:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* santuario: Private Key disclosure in debug-log output [eap-7.4.z] (CVE-2023-44483)
* jgit: arbitrary file overwrite [eap-7.4.z] (CVE-2023-4759)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* santuario: Private Key disclosure in debug-log output [eap-7.4.z] (CVE-2023-44483)\n\n* jgit: arbitrary file overwrite [eap-7.4.z] (CVE-2023-4759)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0714", "url": "https://access.redhat.com/errata/RHSA-2024:0714" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2238614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238614" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "JBEAP-25375", "url": "https://issues.redhat.com/browse/JBEAP-25375" }, { "category": "external", "summary": "JBEAP-25616", "url": "https://issues.redhat.com/browse/JBEAP-25616" }, { "category": "external", "summary": "JBEAP-25785", "url": "https://issues.redhat.com/browse/JBEAP-25785" }, { "category": "external", "summary": "JBEAP-25944", "url": "https://issues.redhat.com/browse/JBEAP-25944" }, { "category": "external", "summary": "JBEAP-26013", "url": "https://issues.redhat.com/browse/JBEAP-26013" }, { "category": "external", "summary": "JBEAP-26021", "url": "https://issues.redhat.com/browse/JBEAP-26021" }, { "category": "external", "summary": "JBEAP-26025", "url": "https://issues.redhat.com/browse/JBEAP-26025" }, { "category": "external", "summary": "JBEAP-26049", "url": "https://issues.redhat.com/browse/JBEAP-26049" }, { "category": "external", "summary": "JBEAP-26051", "url": "https://issues.redhat.com/browse/JBEAP-26051" }, { "category": "external", "summary": "JBEAP-26101", "url": "https://issues.redhat.com/browse/JBEAP-26101" }, { "category": "external", "summary": "JBEAP-26115", "url": "https://issues.redhat.com/browse/JBEAP-26115" }, { "category": "external", "summary": "JBEAP-26159", "url": "https://issues.redhat.com/browse/JBEAP-26159" }, { "category": "external", "summary": "JBEAP-26164", "url": "https://issues.redhat.com/browse/JBEAP-26164" }, { "category": "external", "summary": "JBEAP-26169", "url": "https://issues.redhat.com/browse/JBEAP-26169" }, { "category": "external", "summary": "JBEAP-26266", "url": "https://issues.redhat.com/browse/JBEAP-26266" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0714.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update", "tracking": { "current_release_date": "2024-11-06T04:56:19+00:00", "generator": { "date": "2024-11-06T04:56:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0714", "initial_release_date": "2024-02-06T19:55:38+00:00", "revision_history": [ { "date": "2024-02-06T19:55:38+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-06T19:55:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T04:56:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "EAP 7.4.15", "product": { "name": "EAP 7.4.15", "product_id": "EAP 7.4.15", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-4759", "discovery_date": "2023-09-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2238614" } ], "notes": [ { "category": "description", "text": "Arbitrary File Overwrite in Eclipse JGit \u003c= 6.6.0\n\nIn Eclipse JGit, all versions \u003c= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\n\nThis can happen on checkout (DirCacheCheckout), merge (ResolveMerger\u00a0via its WorkingTreeUpdater), pull (PullCommand\u00a0using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\n\nThe issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\n\nSetting git configuration option core.symlinks = false\u00a0before checking out avoids the problem.\n\nThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ \u00a0and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r.\n\n\nThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\n\n\n\n", "title": "Vulnerability description" }, { "category": "summary", "text": "jgit: arbitrary file overwrite", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "EAP 7.4.15" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4759" }, { "category": "external", "summary": "RHBZ#2238614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4759", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4759" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759" } ], "release_date": "2023-09-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-06T19:55:38+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.15" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0714" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jgit: arbitrary file overwrite" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.15" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-06T19:55:38+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.15" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0714" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "EAP 7.4.15" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" } ] }
rhsa-2024_0799
Vulnerability from csaf_redhat
Published
2024-02-13 16:55
Modified
2024-11-06 05:01
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.7 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)
* open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)3-44483)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.7 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)3-44483)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0799", "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "2249673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "category": "external", "summary": "2251407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "category": "external", "summary": "2255027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0799.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 8", "tracking": { "current_release_date": "2024-11-06T05:01:26+00:00", "generator": { "date": "2024-11-06T05:01:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0799", "initial_release_date": "2024-02-13T16:55:12+00:00", "revision_history": [ { "date": "2024-02-13T16:55:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-13T16:55:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T05:01:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.12-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-2976", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2023-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215229" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: insecure temporary directory creation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2976" }, { "category": "external", "summary": "RHBZ#2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976" } ], "release_date": "2023-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:12+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "category": "workaround", "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "guava: insecure temporary directory creation" }, { "acknowledgments": [ { "names": [ "Lauritz Holtmann" ], "organization": "https://security.lauritz-holtmann.de/" } ], "cve": "CVE-2023-6134", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2249673" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6134" }, { "category": "external", "summary": "RHBZ#2249673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6134" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134" } ], "release_date": "2023-11-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:12+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri" }, { "cve": "CVE-2023-6291", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-11-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2251407" } ], "notes": [ { "category": "description", "text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: redirect_uri validation bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6291" }, { "category": "external", "summary": "RHBZ#2251407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6291" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291" } ], "release_date": "2023-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:12+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: redirect_uri validation bypass" }, { "cve": "CVE-2023-6484", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2023-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2248423" } ], "notes": [ { "category": "description", "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Log Injection during WebAuthn authentication or registration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "category": "external", "summary": "RHBZ#2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" } ], "release_date": "2023-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:12+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Log Injection during WebAuthn authentication or registration" }, { "acknowledgments": [ { "names": [ "Pontus Hanssen" ], "organization": "Pontus.Hanssen@omegapoint.se" } ], "cve": "CVE-2023-6927", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-12-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2255027" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6927" }, { "category": "external", "summary": "RHBZ#2255027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6927" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:12+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode" }, { "cve": "CVE-2023-26048", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236340" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26048" }, { "category": "external", "summary": "RHBZ#2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:12+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()" }, { "cve": "CVE-2023-26049", "cwe": { "id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236341" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26049" }, { "category": "external", "summary": "RHBZ#2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:12+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:55:12+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.12-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" } ] }
rhsa-2024_0712
Vulnerability from csaf_redhat
Published
2024-02-07 08:37
Modified
2024-11-06 04:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.15 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* jgit: arbitrary file overwrite (CVE-2023-4759)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n\n* jgit: arbitrary file overwrite (CVE-2023-4759)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0712", "url": "https://access.redhat.com/errata/RHSA-2024:0712" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2238614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238614" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "JBEAP-25375", "url": "https://issues.redhat.com/browse/JBEAP-25375" }, { "category": "external", "summary": "JBEAP-25616", "url": "https://issues.redhat.com/browse/JBEAP-25616" }, { "category": "external", "summary": "JBEAP-25785", "url": "https://issues.redhat.com/browse/JBEAP-25785" }, { "category": "external", "summary": "JBEAP-25944", "url": "https://issues.redhat.com/browse/JBEAP-25944" }, { "category": "external", "summary": "JBEAP-26013", "url": "https://issues.redhat.com/browse/JBEAP-26013" }, { "category": "external", "summary": "JBEAP-26021", "url": "https://issues.redhat.com/browse/JBEAP-26021" }, { "category": "external", "summary": "JBEAP-26025", "url": "https://issues.redhat.com/browse/JBEAP-26025" }, { "category": "external", "summary": "JBEAP-26049", "url": "https://issues.redhat.com/browse/JBEAP-26049" }, { "category": "external", "summary": "JBEAP-26051", "url": "https://issues.redhat.com/browse/JBEAP-26051" }, { "category": "external", "summary": "JBEAP-26101", "url": "https://issues.redhat.com/browse/JBEAP-26101" }, { "category": "external", "summary": "JBEAP-26115", "url": "https://issues.redhat.com/browse/JBEAP-26115" }, { "category": "external", "summary": "JBEAP-26159", "url": "https://issues.redhat.com/browse/JBEAP-26159" }, { "category": "external", "summary": "JBEAP-26164", "url": "https://issues.redhat.com/browse/JBEAP-26164" }, { "category": "external", "summary": "JBEAP-26169", "url": "https://issues.redhat.com/browse/JBEAP-26169" }, { "category": "external", "summary": "JBEAP-26266", "url": "https://issues.redhat.com/browse/JBEAP-26266" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0712.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.15 security update", "tracking": { "current_release_date": "2024-11-06T04:56:30+00:00", "generator": { "date": "2024-11-06T04:56:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0712", "initial_release_date": "2024-02-07T08:37:47+00:00", "revision_history": [ { "date": "2024-02-07T08:37:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-07T08:37:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T04:56:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 9", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src", "product": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src", "product_id": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-spi@3.4.0-4.Final_redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.17-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-7.SP08_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src", "product": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src", "product_id": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j2-jboss-logmanager@1.1.2-1.Final_redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.9-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.1-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.21-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src", "product_id": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.1-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.16-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src", "product": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src", "product_id": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.2.6-1.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-msc@1.4.13-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.17-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.2-1.SP1_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-34.Final_redhat_00033.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-protostream@4.3.6-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src", "product": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src", "product_id": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.15-2.GA_redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.33-2.Final_redhat_00001.1.el9eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch", "product_id": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-spi@3.4.0-4.Final_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.17-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-7.SP08_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch", "product_id": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j2-jboss-logmanager@1.1.2-1.Final_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.21-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.21-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.1-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.2.6-1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-msc@1.4.13-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.17-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.2-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-34.Final_redhat_00033.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-34.Final_redhat_00033.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-34.Final_redhat_00033.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-protostream@4.3.6-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.15-2.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.15-2.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.15-2.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.15-2.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.15-2.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.15-2.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.33-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.33-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.33-2.Final_redhat_00001.1.el9eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64", "product_id": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.1-1.redhat_00001.1.el9eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-4759", "discovery_date": "2023-09-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2238614" } ], "notes": [ { "category": "description", "text": "Arbitrary File Overwrite in Eclipse JGit \u003c= 6.6.0\n\nIn Eclipse JGit, all versions \u003c= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\n\nThis can happen on checkout (DirCacheCheckout), merge (ResolveMerger\u00a0via its WorkingTreeUpdater), pull (PullCommand\u00a0using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\n\nThe issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\n\nSetting git configuration option core.symlinks = false\u00a0before checking out avoids the problem.\n\nThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ \u00a0and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r.\n\n\nThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\n\n\n\n", "title": "Vulnerability description" }, { "category": "summary", "text": "jgit: arbitrary file overwrite", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch" ], "known_not_affected": [ "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4759" }, { "category": "external", "summary": "RHBZ#2238614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4759", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4759" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759" } ], "release_date": "2023-09-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-07T08:37:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0712" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jgit: arbitrary file overwrite" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-07T08:37:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0712" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el9eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" } ] }
rhsa-2024_0801
Vulnerability from csaf_redhat
Published
2024-02-13 16:54
Modified
2024-11-06 05:01
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 for OpenShift image enhancement update
Notes
Topic
A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On is an integrated sign-on solution, available as a
Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat
Single Sign-On for OpenShift image provides an authentication server that
you can use to log in centrally, log out, and register. You can also manage
user accounts for web applications, mobile applications, and RESTful web
services.
Security Fix(es):
* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)
* open redirect via "form_post.jwt" JARM response mode (CVE-2023-6927)
* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)
This erratum releases a new image for Red Hat Single Sign-On 7.6.7 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform
3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\nSecurity Fix(es):\n* redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts (CVE-2023-6291)\n* guava: insecure temporary directory creation (CVE-2023-2976)\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n* reflected XSS via wildcard in OIDC redirect_uri (CVE-2023-6134)\n* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)\n* santuario: Private Key disclosure in debug-log output (CVE-2023-44483)\n* Log Injection during WebAuthn authentication or registration (CVE-2023-6484)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.7 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform\n3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0801", "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "2249673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "category": "external", "summary": "2251407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "category": "external", "summary": "2255027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0801.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 for OpenShift image enhancement update", "tracking": { "current_release_date": "2024-11-06T05:01:38+00:00", "generator": { "date": "2024-11-06T05:01:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0801", "initial_release_date": "2024-02-13T16:54:08+00:00", "revision_history": [ { "date": "2024-02-13T16:54:08+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-13T16:54:08+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T05:01:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Middleware Containers for OpenShift", "product": { "name": "Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhosemc:1.0::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995?arch=s390x\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-41" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab?arch=amd64\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-41" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d?arch=ppc64le\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-41" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64 as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "relates_to_product_reference": "8Base-RHOSE-Middleware" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "relates_to_product_reference": "8Base-RHOSE-Middleware" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le", "relates_to_product_reference": "8Base-RHOSE-Middleware" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-2976", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2023-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215229" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: insecure temporary directory creation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2976" }, { "category": "external", "summary": "RHBZ#2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976" } ], "release_date": "2023-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:54:08+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "category": "workaround", "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: insecure temporary directory creation" }, { "acknowledgments": [ { "names": [ "Lauritz Holtmann" ], "organization": "https://security.lauritz-holtmann.de/" } ], "cve": "CVE-2023-6134", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2249673" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS via wildcard in OIDC redirect_uri", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6134" }, { "category": "external", "summary": "RHBZ#2249673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6134", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6134" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134" } ], "release_date": "2023-11-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:54:08+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0801" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: reflected XSS via wildcard in OIDC redirect_uri" }, { "cve": "CVE-2023-6291", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-11-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2251407" } ], "notes": [ { "category": "description", "text": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: redirect_uri validation bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6291" }, { "category": "external", "summary": "RHBZ#2251407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6291", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6291" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291" } ], "release_date": "2023-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:54:08+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: redirect_uri validation bypass" }, { "cve": "CVE-2023-6484", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2023-11-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2248423" } ], "notes": [ { "category": "description", "text": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Log Injection during WebAuthn authentication or registration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "category": "external", "summary": "RHBZ#2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6484", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6484" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" } ], "release_date": "2023-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:54:08+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0801" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Log Injection during WebAuthn authentication or registration" }, { "acknowledgments": [ { "names": [ "Pontus Hanssen" ], "organization": "Pontus.Hanssen@omegapoint.se" } ], "cve": "CVE-2023-6927", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-12-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2255027" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: open redirect via \"form_post.jwt\" JARM response mode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as a moderate, following the same case for CVE-2023-6134, but with another response mode with JSON Web Token.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6927" }, { "category": "external", "summary": "RHBZ#2255027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6927", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6927" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:54:08+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: open redirect via \"form_post.jwt\" JARM response mode" }, { "cve": "CVE-2023-26048", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236340" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26048" }, { "category": "external", "summary": "RHBZ#2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:54:08+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0801" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()" }, { "cve": "CVE-2023-26049", "cwe": { "id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236341" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26049" }, { "category": "external", "summary": "RHBZ#2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:54:08+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0801" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-13T16:54:08+00:00", "details": "To update to the latest Red Hat Single Sign-On 7.6.7 for OpenShift\nimage, Follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.7.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.7 for OpenShift streams in the\n\"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0801" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:1cde6dbbee3aa25be767953c45670d4c2592d61a7af776e7e0d0d1b08a1d23ab_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:23d03851f0946e0ce058bfeeb458112e752b6b0dd8ebca078dc41b8e94c8e995_s390x", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:2a21973655961ae87984bf1b76843419680fb0228fa0084c5bf8c696058bbc8d_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" } ] }
rhsa-2024_0710
Vulnerability from csaf_redhat
Published
2024-02-07 08:37
Modified
2024-11-06 04:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* santuario: Private Key disclosure in debug-log output [eap-7.4.z] (CVE-2023-44483)
* jgit: arbitrary file overwrite [eap-7.4.z] (CVE-2023-4759)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* santuario: Private Key disclosure in debug-log output [eap-7.4.z] (CVE-2023-44483)\n\n* jgit: arbitrary file overwrite [eap-7.4.z] (CVE-2023-4759)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0710", "url": "https://access.redhat.com/errata/RHSA-2024:0710" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2238614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238614" }, { "category": "external", "summary": "2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "JBEAP-25375", "url": "https://issues.redhat.com/browse/JBEAP-25375" }, { "category": "external", "summary": "JBEAP-25616", "url": "https://issues.redhat.com/browse/JBEAP-25616" }, { "category": "external", "summary": "JBEAP-25785", "url": "https://issues.redhat.com/browse/JBEAP-25785" }, { "category": "external", "summary": "JBEAP-25944", "url": "https://issues.redhat.com/browse/JBEAP-25944" }, { "category": "external", "summary": "JBEAP-26013", "url": "https://issues.redhat.com/browse/JBEAP-26013" }, { "category": "external", "summary": "JBEAP-26021", "url": "https://issues.redhat.com/browse/JBEAP-26021" }, { "category": "external", "summary": "JBEAP-26025", "url": "https://issues.redhat.com/browse/JBEAP-26025" }, { "category": "external", "summary": "JBEAP-26049", "url": "https://issues.redhat.com/browse/JBEAP-26049" }, { "category": "external", "summary": "JBEAP-26051", "url": "https://issues.redhat.com/browse/JBEAP-26051" }, { "category": "external", "summary": "JBEAP-26101", "url": "https://issues.redhat.com/browse/JBEAP-26101" }, { "category": "external", "summary": "JBEAP-26115", "url": "https://issues.redhat.com/browse/JBEAP-26115" }, { "category": "external", "summary": "JBEAP-26159", "url": "https://issues.redhat.com/browse/JBEAP-26159" }, { "category": "external", "summary": "JBEAP-26164", "url": "https://issues.redhat.com/browse/JBEAP-26164" }, { "category": "external", "summary": "JBEAP-26169", "url": "https://issues.redhat.com/browse/JBEAP-26169" }, { "category": "external", "summary": "JBEAP-26266", "url": "https://issues.redhat.com/browse/JBEAP-26266" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0710.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update", "tracking": { "current_release_date": "2024-11-06T04:56:52+00:00", "generator": { "date": "2024-11-06T04:56:52+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0710", "initial_release_date": "2024-02-07T08:37:56+00:00", "revision_history": [ { "date": "2024-02-07T08:37:56+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-07T08:37:56+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T04:56:52+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j2-jboss-logmanager@1.1.2-1.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src", "product_id": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.2.6-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-7.SP08_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-spi@3.4.0-4.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.9-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.1-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.16-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.17-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src", "product_id": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.1-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.21-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-msc@1.4.13-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.17-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.2-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-34.Final_redhat_00033.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-protostream@4.3.6-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.15-2.GA_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.33-2.Final_redhat_00001.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j2-jboss-logmanager@1.1.2-1.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.2.6-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-7.SP08_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-spi@3.4.0-4.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.9-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.16-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.1-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.21-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.21-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-msc@1.4.13-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.17-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.2-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-34.Final_redhat_00033.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-34.Final_redhat_00033.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-34.Final_redhat_00033.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-protostream@4.3.6-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.15-2.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.15-2.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.15-2.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.15-2.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.15-2.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.33-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.33-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.33-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.33-2.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.33-2.Final_redhat_00001.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "product_id": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.1-1.redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "product_id": "eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper-debuginfo@1.1.1-1.redhat_00001.1.el7eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-4759", "discovery_date": "2023-09-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2238614" } ], "notes": [ { "category": "description", "text": "Arbitrary File Overwrite in Eclipse JGit \u003c= 6.6.0\n\nIn Eclipse JGit, all versions \u003c= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\n\nThis can happen on checkout (DirCacheCheckout), merge (ResolveMerger\u00a0via its WorkingTreeUpdater), pull (PullCommand\u00a0using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\n\nThe issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\n\nSetting git configuration option core.symlinks = false\u00a0before checking out avoids the problem.\n\nThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ \u00a0and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r.\n\n\nThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\n\n\n\n", "title": "Vulnerability description" }, { "category": "summary", "text": "jgit: arbitrary file overwrite", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4759" }, { "category": "external", "summary": "RHBZ#2238614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4759", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4759" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759" } ], "release_date": "2023-09-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-07T08:37:56+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0710" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jgit: arbitrary file overwrite" }, { "cve": "CVE-2023-44483", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2023-10-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2246070" } ], "notes": [ { "category": "description", "text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "title": "Vulnerability description" }, { "category": "summary", "text": "santuario: Private Key disclosure in debug-log output", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44483" }, { "category": "external", "summary": "RHBZ#2246070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246070" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/20/5", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" }, { "category": "external", "summary": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" } ], "release_date": "2023-10-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-07T08:37:56+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0710" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.2-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-7.SP08_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.33-2.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.33-2.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.16-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.16-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.1-1.redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-msc-0:1.4.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-34.Final_redhat_00033.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-34.Final_redhat_00033.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jbossws-spi-0:3.4.0-4.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.1.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-protostream-0:4.3.6-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.9-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.9-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.15-2.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.21-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.21-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.15-2.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.17-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xml-security-0:2.2.6-1.redhat_00002.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "santuario: Private Key disclosure in debug-log output" } ] }
ghsa-xfrj-6vvc-3xm2
Vulnerability from github
Published
2023-10-20 12:31
Modified
2023-10-31 21:31
Severity ?
Summary
Apache Santuario - XML Security for Java are vulnerable to private key disclosure
Details
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.santuario:xmlsec" }, "ranges": [ { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.apache.santuario:xmlsec" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.2.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.apache.santuario:xmlsec" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.0.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-44483" ], "database_specific": { "cwe_ids": [ "CWE-532" ], "github_reviewed": true, "github_reviewed_at": "2023-10-20T22:59:19Z", "nvd_published_at": "2023-10-20T10:15:12Z", "severity": "MODERATE" }, "details": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n", "id": "GHSA-xfrj-6vvc-3xm2", "modified": "2023-10-31T21:31:25Z", "published": "2023-10-20T12:31:04Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44483" }, { "type": "PACKAGE", "url": "https://github.com/apache/santuario-java" }, { "type": "WEB", "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55" }, { "type": "WEB", "url": "https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc?version=1\u0026modificationDate=1697782758000\u0026api=v2" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ], "summary": "Apache Santuario - XML Security for Java are vulnerable to private key disclosure" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.