Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-47561
Vulnerability from cvelistv5
Published
2024-10-03 10:23
Modified
2024-10-21 08:51
Severity ?
EPSS score ?
Summary
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Avro Java SDK |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-10-11T22:03:16.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/10/03/1", }, { url: "https://security.netapp.com/advisory/ntap-20241011-0003/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:*", ], defaultStatus: "unknown", product: "avro", vendor: "apache", versions: [ { lessThan: "1.11.4", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-47561", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T18:53:44.038603Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T18:59:41.415Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://repo.maven.apache.org/maven2", defaultStatus: "unaffected", packageName: "org.apache.avro:avro", product: "Apache Avro Java SDK", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.11.4", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Kostya Kortchinsky, from the Databricks Security Team", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.<br>Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.", }, ], value: "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.", }, ], metrics: [ { other: { content: { text: "critical", }, type: "Textual description of severity", }, }, { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 9.2, baseSeverity: "CRITICAL", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T08:51:22.972Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-47561", datePublished: "2024-10-03T10:23:16.214Z", dateReserved: "2024-09-27T07:06:47.522Z", dateUpdated: "2024-10-21T08:51:22.972Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { descriptions: "[{\"lang\": \"en\", \"value\": \"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\\nUsers are recommended to upgrade to version 1.11.4\\u00a0 or 1.12.0, which fix this issue.\"}, {\"lang\": \"es\", \"value\": \"El an\\u00e1lisis de esquemas en el SDK de Java de Apache Avro 1.11.3 y versiones anteriores permite que actores maliciosos ejecuten c\\u00f3digo arbitrario. Se recomienda a los usuarios actualizar a la versi\\u00f3n 1.11.4 o 1.12.0, que solucionan este problema.\"}]", id: "CVE-2024-47561", lastModified: "2024-11-21T09:39:54.757", metrics: "{\"cvssMetricV40\": [{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 9.2, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.4}]}", published: "2024-10-03T11:15:13.510", references: "[{\"url\": \"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/10/03/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241011-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "security@apache.org", vulnStatus: "Awaiting Analysis", weaknesses: "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2024-47561\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-10-03T11:15:13.510\",\"lastModified\":\"2024-11-21T09:39:54.757\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\\nUsers are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.\"},{\"lang\":\"es\",\"value\":\"El análisis de esquemas en el SDK de Java de Apache Avro 1.11.3 y versiones anteriores permite que actores maliciosos ejecuten código arbitrario. Se recomienda a los usuarios actualizar a la versión 1.11.4 o 1.12.0, que solucionan este problema.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.2,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/10/03/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241011-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/10/03/1\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241011-0003/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-10-11T22:03:16.050Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47561\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-03T18:53:44.038603Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:*\"], \"vendor\": \"apache\", \"product\": \"avro\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.11.4\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-03T18:55:37.785Z\"}}], \"cna\": {\"title\": \"Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Kostya Kortchinsky, from the Databricks Security Team\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"critical\"}}}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Avro Java SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.11.4\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.avro:avro\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\\nUsers are recommended to upgrade to version 1.11.4\\u00a0 or 1.12.0, which fix this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.<br>Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-10-21T08:51:22.972Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-47561\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T08:51:22.972Z\", \"dateReserved\": \"2024-09-27T07:06:47.522Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-10-03T10:23:16.214Z\", \"assignerShortName\": \"apache\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
RHSA-2024:8339
Vulnerability from csaf_redhat
Published
2024-10-22 18:29
Modified
2025-03-19 10:23
Summary
Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.
Notes
Topic
Red Hat Integration Camel K 1.10.8 release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Camel K 1.10.8 is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
* org.apache.camel-camel-cassandraql: : Apache Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository (CVE-2024-23114)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE important page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Integration Camel K 1.10.8 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Camel K 1.10.8 is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\n* org.apache.camel-camel-cassandraql: : Apache Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository (CVE-2024-23114)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE important page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:8339", url: "https://access.redhat.com/errata/RHSA-2024:8339", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2265053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265053", }, { category: "external", summary: "2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8339.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.", tracking: { current_release_date: "2025-03-19T10:23:36+00:00", generator: { date: "2025-03-19T10:23:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:8339", initial_release_date: "2024-10-22T18:29:33+00:00", revision_history: [ { date: "2024-10-22T18:29:33+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-22T18:29:33+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T10:23:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-K 1.10.8", product: { name: "RHINT Camel-K 1.10.8", product_id: "RHINT Camel-K 1.10.8", product_identification_helper: { cpe: "cpe:/a:redhat:camel_k:1.10.8", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-23114", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2265053", }, ], notes: [ { category: "description", text: "A deserialization of untrusted data flaw was found in the Apache Camel CassandraQL Component AggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload.", title: "Vulnerability description", }, { category: "summary", text: "Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-K 1.10.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23114", }, { category: "external", summary: "RHBZ#2265053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265053", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23114", url: "https://www.cve.org/CVERecord?id=CVE-2024-23114", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23114", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23114", }, { category: "external", summary: "https://camel.apache.org/", url: "https://camel.apache.org/", }, { category: "external", summary: "https://issues.apache.org/jira/browse/CAMEL-20306", url: "https://issues.apache.org/jira/browse/CAMEL-20306", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-22T18:29:33+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-K 1.10.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8339", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-K 1.10.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270732", }, ], notes: [ { category: "description", text: "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", title: "Vulnerability description", }, { category: "summary", text: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-K 1.10.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28752", }, { category: "external", summary: "RHBZ#2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28752", url: "https://www.cve.org/CVERecord?id=CVE-2024-28752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", }, { category: "external", summary: "https://github.com/advisories/GHSA-qmgx-j96g-4428", url: "https://github.com/advisories/GHSA-qmgx-j96g-4428", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-22T18:29:33+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-K 1.10.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8339", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", product_ids: [ "RHINT Camel-K 1.10.8", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-K 1.10.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-K 1.10.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-22T18:29:33+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-K 1.10.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8339", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "RHINT Camel-K 1.10.8", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-K 1.10.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
RHSA-2024:8093
Vulnerability from csaf_redhat
Published
2024-10-14 19:55
Modified
2025-03-03 15:28
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:8093", url: "https://access.redhat.com/errata/RHSA-2024:8093", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8093.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update", tracking: { current_release_date: "2025-03-03T15:28:48+00:00", generator: { date: "2025-03-03T15:28:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:8093", initial_release_date: "2024-10-14T19:55:01+00:00", revision_history: [ { date: "2024-10-14T19:55:01+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-14T19:55:01+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:28:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T19:55:01+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: \nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8093", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
RHSA-2024:8064
Vulnerability from csaf_redhat
Published
2024-10-14 15:53
Modified
2025-03-14 18:11
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.3 for Spring Boot security update.
Notes
Topic
Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)
* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)
* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* org.springframework/spring-web: Spring Framework DoS via conditional HTTP request (CVE-2024-38809)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)\n\n* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)\n\n* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* org.springframework/spring-web: Spring Framework DoS via conditional HTTP request (CVE-2024-38809)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:8064", url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", summary: "2314495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314495", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8064.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.3 for Spring Boot security update.", tracking: { current_release_date: "2025-03-14T18:11:48+00:00", generator: { date: "2025-03-14T18:11:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:8064", initial_release_date: "2024-10-14T15:53:39+00:00", revision_history: [ { date: "2024-10-14T15:53:39+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-14T15:53:39+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T18:11:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 4.4.3 for Spring Boot", product: { name: "Red Hat build of Apache Camel 4.4.3 for Spring Boot", product_id: "Red Hat build of Apache Camel 4.4.3 for Spring Boot", product_identification_helper: { cpe: "cpe:/a:redhat:apache_camel_spring_boot:4.4.3", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-04T17:02:58.468000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309764", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Nimbus Jose JWT package. This issue could allow an attacker to use a malicious large JWE p2c header value for PasswordBasedDecrypter and cause a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-52428", }, { category: "external", summary: "RHBZ#2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-52428", url: "https://www.cve.org/CVERecord?id=CVE-2023-52428", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", }, ], release_date: "2024-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", }, { cve: "CVE-2024-38809", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-24T20:00:28.839621+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314495", }, ], notes: [ { category: "description", text: "A flaw was found in the Spring Web (org.springframework:spring-web) package. Due to improper ETag prefix validation when the application parses ETags from the `If-Match` or `If-None-Match` request headers, an attacker can trigger a denial of service by sending a maliciously crafted conditional HTTP request.", title: "Vulnerability description", }, { category: "summary", text: "org.springframework:spring-web: Spring Framework DoS via conditional HTTP request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38809", }, { category: "external", summary: "RHBZ#2314495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314495", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38809", url: "https://www.cve.org/CVERecord?id=CVE-2024-38809", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38809", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38809", }, { category: "external", summary: "http://github.com/spring-projects/spring-framework", url: "http://github.com/spring-projects/spring-framework", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3", url: "https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533", url: "https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85", url: "https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/issues/33372", url: "https://github.com/spring-projects/spring-framework/issues/33372", }, { category: "external", summary: "https://spring.io/security/cve-2024-38809", url: "https://spring.io/security/cve-2024-38809", }, ], release_date: "2024-09-24T18:34:43+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.springframework:spring-web: Spring Framework DoS via conditional HTTP request", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-09-13T06:20:08.422867+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312060", }, ], notes: [ { category: "description", text: "A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a FileSystemResource location.", title: "Vulnerability description", }, { category: "summary", text: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", title: "Vulnerability summary", }, { category: "other", text: "Path traversal vulnerabilities in applications that serve static resources via RouterFunctions and FileSystemResource pose a important security risk, as they allow attackers to bypass access controls and retrieve arbitrary files from the server's filesystem. This type of attack can lead to unauthorized exposure of sensitive data, such as configuration files, environment variables, or authentication credentials. If exploited, it can further facilitate privilege escalation, lateral movement, or remote code execution within the system. Given the broad access it grants to the server's filesystem, the potential for system compromise makes path traversal vulnerabilities a high-severity issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38816", }, { category: "external", summary: "RHBZ#2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38816", url: "https://www.cve.org/CVERecord?id=CVE-2024-38816", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", }, { category: "external", summary: "https://spring.io/security/cve-2024-38816", url: "https://spring.io/security/cve-2024-38816", }, ], release_date: "2024-09-13T06:15:11.190000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", }, { cve: "CVE-2024-45294", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2024-09-06T16:20:11.403869+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310447", }, ], notes: [ { category: "description", text: "A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.", title: "Vulnerability description", }, { category: "summary", text: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is of significant severity because it allows for XML External Entity (XXE) injection, which can lead to unauthorized access and leakage of sensitive data from the host system. In environments where external clients are permitted to submit XML files, an attacker could craft a malicious XML containing a DTD (Document Type Definition) that references external entities. When processed, this could result in the unauthorized disclosure of files, environmental variables, or other confidential data from the server, potentially compromising the integrity and confidentiality of the system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "RHBZ#2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45294", url: "https://www.cve.org/CVERecord?id=CVE-2024-45294", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", url: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", url: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", }, ], release_date: "2024-09-06T16:15:03.300000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024_7972
Vulnerability from csaf_redhat
Published
2024-10-10 14:00
Modified
2024-12-06 13:14
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1)
Notes
Topic
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Red Hat Product Security has rated this update as having a security impact of Critical.
Details
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
* CVE-2024-47561 org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE)
* CVE-2024-7254 com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\nRed Hat Product Security has rated this update as having a security impact of Critical.", title: "Topic", }, { category: "general", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n* CVE-2024-47561 org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE)\n* CVE-2024-7254 com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7972", url: "https://access.redhat.com/errata/RHSA-2024:7972", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7972.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1)", tracking: { current_release_date: "2024-12-06T13:14:19+00:00", generator: { date: "2024-12-06T13:14:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2024:7972", initial_release_date: "2024-10-10T14:00:25+00:00", revision_history: [ { date: "2024-10-10T14:00:25+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-10T14:00:25+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T13:14:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel for Quarkus", product: { name: "Red Hat build of Apache Camel for Quarkus", product_id: "Red Hat build of Apache Camel for Quarkus", product_identification_helper: { cpe: "cpe:/a:redhat:camel_quarkus:3.8", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel for Quarkus", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T14:00:25+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7972", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel for Quarkus", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T14:00:25+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7972", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel for Quarkus", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024_7811
Vulnerability from csaf_redhat
Published
2024-10-08 16:08
Modified
2024-12-04 22:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7811", url: "https://access.redhat.com/errata/RHSA-2024:7811", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7811.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 Security update", tracking: { current_release_date: "2024-12-04T22:56:35+00:00", generator: { date: "2024-12-04T22:56:35+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2024:7811", initial_release_date: "2024-10-08T16:08:21+00:00", revision_history: [ { date: "2024-10-08T16:08:21+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-08T16:08:21+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-04T22:56:35+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 9", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el9eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-08T16:08:21+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7811", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024:10207
Vulnerability from csaf_redhat
Published
2024-11-25 00:12
Modified
2025-03-19 10:23
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)
* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)
* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)
* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)\n\n* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10207", url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index", }, { category: "external", summary: "2010378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010378", }, { category: "external", summary: "2031667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031667", }, { category: "external", summary: "2041959", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041959", }, { category: "external", summary: "2041967", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041967", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "JBEAP-23025", url: "https://issues.redhat.com/browse/JBEAP-23025", }, { category: "external", summary: "JBEAP-28084", url: "https://issues.redhat.com/browse/JBEAP-28084", }, { category: "external", summary: "JBEAP-28089", url: "https://issues.redhat.com/browse/JBEAP-28089", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10207.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update", tracking: { current_release_date: "2025-03-19T10:23:44+00:00", generator: { date: "2025-03-19T10:23:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:10207", initial_release_date: "2024-11-25T00:12:17+00:00", revision_history: [ { date: "2024-11-25T00:12:17+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-25T00:12:17+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T10:23:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", product: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", product_id: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", product: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", product_id: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", product: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", product_id: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", product_id: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", product: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", product_id: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", product: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", product_id: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", product: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", product_id: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", product: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", product_id: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-bindings@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-policy@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", product: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", product_id: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", product: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", product_id: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", }, product_reference: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", }, product_reference: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", }, product_reference: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", }, product_reference: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", }, product_reference: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", }, product_reference: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2021-3859", cwe: { id: "CWE-214", name: "Invocation of Process Using Visible Sensitive Information", }, discovery_date: "2021-09-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2010378", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.", title: "Vulnerability description", }, { category: "summary", text: "undertow: client side invocation timeout raised when calling over HTTP2", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-3859", }, { category: "external", summary: "RHBZ#2010378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010378", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-3859", url: "https://www.cve.org/CVERecord?id=CVE-2021-3859", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", }, ], release_date: "2022-02-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: client side invocation timeout raised when calling over HTTP2", }, { cve: "CVE-2021-4104", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-12-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031667", }, ], notes: [ { category: "description", text: "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint.", title: "Vulnerability description", }, { category: "summary", text: "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", title: "Vulnerability summary", }, { category: "other", text: "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker's JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker's control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-4104", }, { category: "external", summary: "RHBZ#2031667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031667", }, { category: "external", summary: "RHSB-2021-009", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-4104", url: "https://www.cve.org/CVERecord?id=CVE-2021-4104", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", }, { category: "external", summary: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", url: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", }, { category: "external", summary: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", url: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", }, { category: "external", summary: "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", url: "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2021/12/13/1", url: "https://www.openwall.com/lists/oss-security/2021/12/13/1", }, ], release_date: "2021-12-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { cve: "CVE-2022-23305", cwe: { id: "CWE-89", name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, discovery_date: "2022-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041959", }, ], notes: [ { category: "description", text: "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", title: "Vulnerability description", }, { category: "summary", text: "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", title: "Vulnerability summary", }, { category: "other", text: "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23305", }, { category: "external", summary: "RHBZ#2041959", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041959", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23305", url: "https://www.cve.org/CVERecord?id=CVE-2022-23305", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2022/01/18/4", url: "https://www.openwall.com/lists/oss-security/2022/01/18/4", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server's jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", }, { cve: "CVE-2022-23307", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041967", }, ], notes: [ { category: "description", text: "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.", title: "Vulnerability description", }, { category: "summary", text: "log4j: Unsafe deserialization flaw in Chainsaw log viewer", title: "Vulnerability summary", }, { category: "other", text: "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23307", }, { category: "external", summary: "RHBZ#2041967", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041967", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23307", url: "https://www.cve.org/CVERecord?id=CVE-2022-23307", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2022/01/18/5", url: "https://www.openwall.com/lists/oss-security/2022/01/18/5", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j: Unsafe deserialization flaw in Chainsaw log viewer", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, discovery_date: "2022-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2108554", }, ], notes: [ { category: "description", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "RHBZ#2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-34169", url: "https://www.cve.org/CVERecord?id=CVE-2022-34169", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", }, ], release_date: "2022-07-19T20:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", }, { cve: "CVE-2022-41853", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136141", }, ], notes: [ { category: "description", text: "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", title: "Vulnerability description", }, { category: "summary", text: "hsqldb: Untrusted input may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41853", }, { category: "external", summary: "RHBZ#2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41853", url: "https://www.cve.org/CVERecord?id=CVE-2022-41853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", }, { category: "external", summary: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", url: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", }, { category: "external", summary: "https://github.com/advisories/GHSA-77xx-rxvh-q682", url: "https://github.com/advisories/GHSA-77xx-rxvh-q682", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hsqldb: Untrusted input may lead to RCE attack", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-3171", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2213639", }, ], notes: [ { category: "description", text: "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "eap-7: heap exhaustion via deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3171", }, { category: "external", summary: "RHBZ#2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3171", url: "https://www.cve.org/CVERecord?id=CVE-2023-3171", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "eap-7: heap exhaustion via deserialization", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2241822", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5685", }, { category: "external", summary: "RHBZ#2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5685", url: "https://www.cve.org/CVERecord?id=CVE-2023-5685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", }, { cve: "CVE-2023-26464", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182864", }, ], notes: [ { category: "description", text: "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", title: "Vulnerability description", }, { category: "summary", text: "log4j1-socketappender: DoS via hashmap logging", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26464", }, { category: "external", summary: "RHBZ#2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26464", url: "https://www.cve.org/CVERecord?id=CVE-2023-26464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", }, { category: "external", summary: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", url: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", }, ], release_date: "2023-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j1-socketappender: DoS via hashmap logging", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242521", }, ], notes: [ { category: "description", text: "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39410", }, { category: "external", summary: "RHBZ#2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39410", url: "https://www.cve.org/CVERecord?id=CVE-2023-39410", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", }, { category: "external", summary: "https://issues.apache.org/jira/browse/AVRO-3819", url: "https://issues.apache.org/jira/browse/AVRO-3819", }, ], release_date: "2023-09-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270732", }, ], notes: [ { category: "description", text: "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", title: "Vulnerability description", }, { category: "summary", text: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28752", }, { category: "external", summary: "RHBZ#2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28752", url: "https://www.cve.org/CVERecord?id=CVE-2024-28752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", }, { category: "external", summary: "https://github.com/advisories/GHSA-qmgx-j96g-4428", url: "https://github.com/advisories/GHSA-qmgx-j96g-4428", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
RHSA-2024:7812
Vulnerability from csaf_redhat
Published
2024-10-08 16:04
Modified
2025-03-03 15:28
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7812", url: "https://access.redhat.com/errata/RHSA-2024:7812", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7812.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update", tracking: { current_release_date: "2025-03-03T15:28:30+00:00", generator: { date: "2025-03-03T15:28:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:7812", initial_release_date: "2024-10-08T16:04:06+00:00", revision_history: [ { date: "2024-10-08T16:04:06+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-08T16:04:06+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:28:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-08T16:04:06+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7812", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024:7972
Vulnerability from csaf_redhat
Published
2024-10-10 14:00
Modified
2025-03-03 15:28
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1)
Notes
Topic
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Red Hat Product Security has rated this update as having a security impact of Critical.
Details
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
* CVE-2024-47561 org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE)
* CVE-2024-7254 com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\nRed Hat Product Security has rated this update as having a security impact of Critical.", title: "Topic", }, { category: "general", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n* CVE-2024-47561 org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE)\n* CVE-2024-7254 com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7972", url: "https://access.redhat.com/errata/RHSA-2024:7972", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7972.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1)", tracking: { current_release_date: "2025-03-03T15:28:51+00:00", generator: { date: "2025-03-03T15:28:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:7972", initial_release_date: "2024-10-10T14:00:25+00:00", revision_history: [ { date: "2024-10-10T14:00:25+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-10T14:00:25+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:28:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 4 for Quarkus 3", product: { name: "Red Hat build of Apache Camel 4 for Quarkus 3", product_id: "Red Hat build of Apache Camel 4 for Quarkus 3", product_identification_helper: { cpe: "cpe:/a:redhat:camel_quarkus:3.8", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T14:00:25+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7972", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T14:00:25+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7972", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024:8064
Vulnerability from csaf_redhat
Published
2024-10-14 15:53
Modified
2025-03-14 18:11
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.3 for Spring Boot security update.
Notes
Topic
Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)
* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)
* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* org.springframework/spring-web: Spring Framework DoS via conditional HTTP request (CVE-2024-38809)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)\n\n* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)\n\n* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* org.springframework/spring-web: Spring Framework DoS via conditional HTTP request (CVE-2024-38809)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:8064", url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", summary: "2314495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314495", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8064.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.3 for Spring Boot security update.", tracking: { current_release_date: "2025-03-14T18:11:48+00:00", generator: { date: "2025-03-14T18:11:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:8064", initial_release_date: "2024-10-14T15:53:39+00:00", revision_history: [ { date: "2024-10-14T15:53:39+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-14T15:53:39+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T18:11:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 4.4.3 for Spring Boot", product: { name: "Red Hat build of Apache Camel 4.4.3 for Spring Boot", product_id: "Red Hat build of Apache Camel 4.4.3 for Spring Boot", product_identification_helper: { cpe: "cpe:/a:redhat:apache_camel_spring_boot:4.4.3", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-04T17:02:58.468000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309764", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Nimbus Jose JWT package. This issue could allow an attacker to use a malicious large JWE p2c header value for PasswordBasedDecrypter and cause a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-52428", }, { category: "external", summary: "RHBZ#2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-52428", url: "https://www.cve.org/CVERecord?id=CVE-2023-52428", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", }, ], release_date: "2024-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", }, { cve: "CVE-2024-38809", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-24T20:00:28.839621+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314495", }, ], notes: [ { category: "description", text: "A flaw was found in the Spring Web (org.springframework:spring-web) package. Due to improper ETag prefix validation when the application parses ETags from the `If-Match` or `If-None-Match` request headers, an attacker can trigger a denial of service by sending a maliciously crafted conditional HTTP request.", title: "Vulnerability description", }, { category: "summary", text: "org.springframework:spring-web: Spring Framework DoS via conditional HTTP request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38809", }, { category: "external", summary: "RHBZ#2314495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314495", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38809", url: "https://www.cve.org/CVERecord?id=CVE-2024-38809", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38809", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38809", }, { category: "external", summary: "http://github.com/spring-projects/spring-framework", url: "http://github.com/spring-projects/spring-framework", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3", url: "https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533", url: "https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85", url: "https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/issues/33372", url: "https://github.com/spring-projects/spring-framework/issues/33372", }, { category: "external", summary: "https://spring.io/security/cve-2024-38809", url: "https://spring.io/security/cve-2024-38809", }, ], release_date: "2024-09-24T18:34:43+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.springframework:spring-web: Spring Framework DoS via conditional HTTP request", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-09-13T06:20:08.422867+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312060", }, ], notes: [ { category: "description", text: "A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a FileSystemResource location.", title: "Vulnerability description", }, { category: "summary", text: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", title: "Vulnerability summary", }, { category: "other", text: "Path traversal vulnerabilities in applications that serve static resources via RouterFunctions and FileSystemResource pose a important security risk, as they allow attackers to bypass access controls and retrieve arbitrary files from the server's filesystem. This type of attack can lead to unauthorized exposure of sensitive data, such as configuration files, environment variables, or authentication credentials. If exploited, it can further facilitate privilege escalation, lateral movement, or remote code execution within the system. Given the broad access it grants to the server's filesystem, the potential for system compromise makes path traversal vulnerabilities a high-severity issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38816", }, { category: "external", summary: "RHBZ#2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38816", url: "https://www.cve.org/CVERecord?id=CVE-2024-38816", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", }, { category: "external", summary: "https://spring.io/security/cve-2024-38816", url: "https://spring.io/security/cve-2024-38816", }, ], release_date: "2024-09-13T06:15:11.190000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", }, { cve: "CVE-2024-45294", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2024-09-06T16:20:11.403869+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310447", }, ], notes: [ { category: "description", text: "A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.", title: "Vulnerability description", }, { category: "summary", text: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is of significant severity because it allows for XML External Entity (XXE) injection, which can lead to unauthorized access and leakage of sensitive data from the host system. In environments where external clients are permitted to submit XML files, an attacker could craft a malicious XML containing a DTD (Document Type Definition) that references external entities. When processed, this could result in the unauthorized disclosure of files, environmental variables, or other confidential data from the server, potentially compromising the integrity and confidentiality of the system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "RHBZ#2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45294", url: "https://www.cve.org/CVERecord?id=CVE-2024-45294", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", url: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", url: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", }, ], release_date: "2024-09-06T16:15:03.300000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024_7676
Vulnerability from csaf_redhat
Published
2024-10-10 13:43
Modified
2024-12-06 13:14
Summary
Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update
Notes
Topic
An update is now available for Red Hat build of Quarkus.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability. For
more information, see the CVE links in the References section.
Details
This release of Red Hat build of Quarkus 3.2.12.SP1 contains security updates. For more information, see the release notes
page listed in the References section.
Security Fix(es):
* com.google.protobuf/protobuf: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)
* org.eclipse.angus/angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication (CVE-2021-44549)
* com.graphql-java.graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java (CVE-2024-40094)
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat build of Quarkus. \nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability. For\nmore information, see the CVE links in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat build of Quarkus 3.2.12.SP1 contains security updates. For more information, see the release notes\npage listed in the References section.\n\nSecurity Fix(es):\n\n* com.google.protobuf/protobuf: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)\n\n* org.eclipse.angus/angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication (CVE-2021-44549)\n\n* com.graphql-java.graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java (CVE-2024-40094)\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7676", url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7676.json", }, ], title: "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update", tracking: { current_release_date: "2024-12-06T13:14:07+00:00", generator: { date: "2024-12-06T13:14:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2024:7676", initial_release_date: "2024-10-10T13:43:59+00:00", revision_history: [ { date: "2024-10-10T13:43:59+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-10T13:43:59+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T13:14:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Quarkus 3.2", product: { name: "Red Hat build of Quarkus 3.2", product_id: "Red Hat build of Quarkus 3.2", product_identification_helper: { cpe: "cpe:/a:redhat:quarkus:3.2::el8", }, }, }, ], category: "product_family", name: "Red Hat build of Quarkus", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-44549", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2024-10-01T01:34:34.576000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2315808", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Sling Commons Messaging Mail(angus-mail), which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to \"man-in-the-middle\" attacks and can allow insecure email communication.", title: "Vulnerability description", }, { category: "summary", text: "angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability should be considered of important severity rather than moderate because it directly impacts the integrity and confidentiality of email communications over SMTPS. By disabling server identity checks, it leaves the communication channel vulnerable to \"man-in-the-middle\" (MITM) attacks, where an attacker could intercept, alter, or eavesdrop on email traffic by impersonating the legitimate mail server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44549", }, { category: "external", summary: "RHBZ#2315808", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2315808", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44549", url: "https://www.cve.org/CVERecord?id=CVE-2021-44549", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44549", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44549", }, ], release_date: "2023-11-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Quarkus 3.2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Quarkus 3.2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-40094", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-07-30T07:20:08+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2301456", }, ], notes: [ { category: "description", text: "A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered during the introspection query process. This issue could lead to resource exhaustion and service disruption under certain conditions.", title: "Vulnerability description", }, { category: "summary", text: "graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-40094", }, { category: "external", summary: "RHBZ#2301456", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2301456", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-40094", url: "https://www.cve.org/CVERecord?id=CVE-2024-40094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-40094", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-40094", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a", url: "https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/discussions/3641", url: "https://github.com/graphql-java/graphql-java/discussions/3641", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/pull/3539", url: "https://github.com/graphql-java/graphql-java/pull/3539", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/releases/tag/v19.11", url: "https://github.com/graphql-java/graphql-java/releases/tag/v19.11", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/releases/tag/v20.9", url: "https://github.com/graphql-java/graphql-java/releases/tag/v20.9", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/releases/tag/v21.5", url: "https://github.com/graphql-java/graphql-java/releases/tag/v21.5", }, ], release_date: "2024-07-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Quarkus 3.2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024_10207
Vulnerability from csaf_redhat
Published
2024-11-25 00:12
Modified
2024-12-17 23:06
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)
* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)
* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)
* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)\n\n* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10207", url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index", }, { category: "external", summary: "2010378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010378", }, { category: "external", summary: "2031667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031667", }, { category: "external", summary: "2041959", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041959", }, { category: "external", summary: "2041967", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041967", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "JBEAP-23025", url: "https://issues.redhat.com/browse/JBEAP-23025", }, { category: "external", summary: "JBEAP-28084", url: "https://issues.redhat.com/browse/JBEAP-28084", }, { category: "external", summary: "JBEAP-28089", url: "https://issues.redhat.com/browse/JBEAP-28089", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10207.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update", tracking: { current_release_date: "2024-12-17T23:06:37+00:00", generator: { date: "2024-12-17T23:06:37+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:10207", initial_release_date: "2024-11-25T00:12:17+00:00", revision_history: [ { date: "2024-11-25T00:12:17+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-25T00:12:17+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T23:06:37+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", product: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", product_id: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", product: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", product_id: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", product: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", product_id: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", product_id: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", product: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", product_id: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", product: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", product_id: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", product: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", product_id: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", product: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", product_id: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-bindings@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-policy@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", product: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", product_id: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", product: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", product_id: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", }, product_reference: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", }, product_reference: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", }, product_reference: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", }, product_reference: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", }, product_reference: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", }, product_reference: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2021-3859", cwe: { id: "CWE-214", name: "Invocation of Process Using Visible Sensitive Information", }, discovery_date: "2021-09-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2010378", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.", title: "Vulnerability description", }, { category: "summary", text: "undertow: client side invocation timeout raised when calling over HTTP2", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-3859", }, { category: "external", summary: "RHBZ#2010378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010378", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-3859", url: "https://www.cve.org/CVERecord?id=CVE-2021-3859", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", }, ], release_date: "2022-02-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: client side invocation timeout raised when calling over HTTP2", }, { cve: "CVE-2021-4104", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-12-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031667", }, ], notes: [ { category: "description", text: "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint.", title: "Vulnerability description", }, { category: "summary", text: "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", title: "Vulnerability summary", }, { category: "other", text: "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker's JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker's control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-4104", }, { category: "external", summary: "RHBZ#2031667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031667", }, { category: "external", summary: "RHSB-2021-009", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-4104", url: "https://www.cve.org/CVERecord?id=CVE-2021-4104", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", }, { category: "external", summary: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", url: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", }, { category: "external", summary: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", url: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", }, { category: "external", summary: "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", url: "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2021/12/13/1", url: "https://www.openwall.com/lists/oss-security/2021/12/13/1", }, ], release_date: "2021-12-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { cve: "CVE-2022-23305", cwe: { id: "CWE-89", name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, discovery_date: "2022-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041959", }, ], notes: [ { category: "description", text: "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", title: "Vulnerability description", }, { category: "summary", text: "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", title: "Vulnerability summary", }, { category: "other", text: "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23305", }, { category: "external", summary: "RHBZ#2041959", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041959", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23305", url: "https://www.cve.org/CVERecord?id=CVE-2022-23305", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2022/01/18/4", url: "https://www.openwall.com/lists/oss-security/2022/01/18/4", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server's jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", }, { cve: "CVE-2022-23307", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041967", }, ], notes: [ { category: "description", text: "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.", title: "Vulnerability description", }, { category: "summary", text: "log4j: Unsafe deserialization flaw in Chainsaw log viewer", title: "Vulnerability summary", }, { category: "other", text: "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23307", }, { category: "external", summary: "RHBZ#2041967", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041967", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23307", url: "https://www.cve.org/CVERecord?id=CVE-2022-23307", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2022/01/18/5", url: "https://www.openwall.com/lists/oss-security/2022/01/18/5", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j: Unsafe deserialization flaw in Chainsaw log viewer", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, discovery_date: "2022-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2108554", }, ], notes: [ { category: "description", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "RHBZ#2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-34169", url: "https://www.cve.org/CVERecord?id=CVE-2022-34169", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", }, ], release_date: "2022-07-19T20:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", }, { cve: "CVE-2022-41853", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136141", }, ], notes: [ { category: "description", text: "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", title: "Vulnerability description", }, { category: "summary", text: "hsqldb: Untrusted input may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41853", }, { category: "external", summary: "RHBZ#2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41853", url: "https://www.cve.org/CVERecord?id=CVE-2022-41853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", }, { category: "external", summary: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", url: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", }, { category: "external", summary: "https://github.com/advisories/GHSA-77xx-rxvh-q682", url: "https://github.com/advisories/GHSA-77xx-rxvh-q682", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hsqldb: Untrusted input may lead to RCE attack", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-3171", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2213639", }, ], notes: [ { category: "description", text: "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "eap-7: heap exhaustion via deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3171", }, { category: "external", summary: "RHBZ#2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3171", url: "https://www.cve.org/CVERecord?id=CVE-2023-3171", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "eap-7: heap exhaustion via deserialization", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2241822", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5685", }, { category: "external", summary: "RHBZ#2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5685", url: "https://www.cve.org/CVERecord?id=CVE-2023-5685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", }, { cve: "CVE-2023-26464", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182864", }, ], notes: [ { category: "description", text: "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", title: "Vulnerability description", }, { category: "summary", text: "log4j1-socketappender: DoS via hashmap logging", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26464", }, { category: "external", summary: "RHBZ#2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26464", url: "https://www.cve.org/CVERecord?id=CVE-2023-26464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", }, { category: "external", summary: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", url: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", }, ], release_date: "2023-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j1-socketappender: DoS via hashmap logging", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242521", }, ], notes: [ { category: "description", text: "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39410", }, { category: "external", summary: "RHBZ#2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39410", url: "https://www.cve.org/CVERecord?id=CVE-2023-39410", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", }, { category: "external", summary: "https://issues.apache.org/jira/browse/AVRO-3819", url: "https://issues.apache.org/jira/browse/AVRO-3819", }, ], release_date: "2023-09-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270732", }, ], notes: [ { category: "description", text: "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", title: "Vulnerability description", }, { category: "summary", text: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28752", }, { category: "external", summary: "RHBZ#2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28752", url: "https://www.cve.org/CVERecord?id=CVE-2024-28752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", }, { category: "external", summary: "https://github.com/advisories/GHSA-qmgx-j96g-4428", url: "https://github.com/advisories/GHSA-qmgx-j96g-4428", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024:7676
Vulnerability from csaf_redhat
Published
2024-10-10 13:43
Modified
2025-03-03 15:50
Summary
Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update
Notes
Topic
An update is now available for Red Hat build of Quarkus.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability. For
more information, see the CVE links in the References section.
Details
This release of Red Hat build of Quarkus 3.2.12.SP1 contains security updates. For more information, see the release notes
page listed in the References section.
Security Fix(es):
* com.google.protobuf/protobuf: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)
* org.eclipse.angus/angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication (CVE-2021-44549)
* com.graphql-java.graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java (CVE-2024-40094)
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat build of Quarkus. \nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability. For\nmore information, see the CVE links in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat build of Quarkus 3.2.12.SP1 contains security updates. For more information, see the release notes\npage listed in the References section.\n\nSecurity Fix(es):\n\n* com.google.protobuf/protobuf: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)\n\n* org.eclipse.angus/angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication (CVE-2021-44549)\n\n* com.graphql-java.graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java (CVE-2024-40094)\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7676", url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7676.json", }, ], title: "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update", tracking: { current_release_date: "2025-03-03T15:50:42+00:00", generator: { date: "2025-03-03T15:50:42+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:7676", initial_release_date: "2024-10-10T13:43:59+00:00", revision_history: [ { date: "2024-10-10T13:43:59+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-10T13:43:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:50:42+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Quarkus 3.2", product: { name: "Red Hat build of Quarkus 3.2", product_id: "Red Hat build of Quarkus 3.2", product_identification_helper: { cpe: "cpe:/a:redhat:quarkus:3.2::el8", }, }, }, ], category: "product_family", name: "Red Hat build of Quarkus", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-44549", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2024-10-01T01:34:34.576000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2315808", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Sling Commons Messaging Mail(angus-mail), which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to \"man-in-the-middle\" attacks and can allow insecure email communication.", title: "Vulnerability description", }, { category: "summary", text: "angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability should be considered of important severity rather than moderate because it directly impacts the integrity and confidentiality of email communications over SMTPS. By disabling server identity checks, it leaves the communication channel vulnerable to \"man-in-the-middle\" (MITM) attacks, where an attacker could intercept, alter, or eavesdrop on email traffic by impersonating the legitimate mail server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44549", }, { category: "external", summary: "RHBZ#2315808", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2315808", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44549", url: "https://www.cve.org/CVERecord?id=CVE-2021-44549", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44549", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44549", }, ], release_date: "2023-11-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Quarkus 3.2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Quarkus 3.2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-40094", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-07-30T07:20:08+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2301456", }, ], notes: [ { category: "description", text: "A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered during the introspection query process. This issue could lead to resource exhaustion and service disruption under certain conditions.", title: "Vulnerability description", }, { category: "summary", text: "graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-40094", }, { category: "external", summary: "RHBZ#2301456", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2301456", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-40094", url: "https://www.cve.org/CVERecord?id=CVE-2024-40094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-40094", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-40094", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a", url: "https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/discussions/3641", url: "https://github.com/graphql-java/graphql-java/discussions/3641", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/pull/3539", url: "https://github.com/graphql-java/graphql-java/pull/3539", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/releases/tag/v19.11", url: "https://github.com/graphql-java/graphql-java/releases/tag/v19.11", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/releases/tag/v20.9", url: "https://github.com/graphql-java/graphql-java/releases/tag/v20.9", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/releases/tag/v21.5", url: "https://github.com/graphql-java/graphql-java/releases/tag/v21.5", }, ], release_date: "2024-07-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Quarkus 3.2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024_10208
Vulnerability from csaf_redhat
Published
2024-11-25 00:12
Modified
2024-12-17 23:06
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible [eap-7.1.z] (CVE-2020-28052)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.1.z] (CVE-2022-41853)
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.1.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.1.z] (CVE-2022-23221)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.1.z] (CVE-2022-46364)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.1.z] (CVE-2022-34169)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.1.z] (CVE-2023-26464)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.1.z] (CVE-2023-5685)
* server: eap-7: heap exhaustion via deserialization [eap-7.1.z] (CVE-2023-3171)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [eap-7.1.z] (CVE-2020-7238)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.1.z] (CVE-2023-39410)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.1.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible [eap-7.1.z] (CVE-2020-28052)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.1.z] (CVE-2022-41853)\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.1.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.1.z] (CVE-2022-23221)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.1.z] (CVE-2022-46364)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.1.z] (CVE-2022-34169)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.1.z] (CVE-2023-26464)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.1.z] (CVE-2023-5685)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.1.z] (CVE-2023-3171)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [eap-7.1.z] (CVE-2020-7238)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.1.z] (CVE-2023-39410)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.1.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10208", url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index", }, { category: "external", summary: "1796225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1796225", }, { category: "external", summary: "1912881", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1912881", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "JBEAP-27708", url: "https://issues.redhat.com/browse/JBEAP-27708", }, { category: "external", summary: "JBEAP-28086", url: "https://issues.redhat.com/browse/JBEAP-28086", }, { category: "external", summary: "JBEAP-28130", url: "https://issues.redhat.com/browse/JBEAP-28130", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10208.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update", tracking: { current_release_date: "2024-12-17T23:06:48+00:00", generator: { date: "2024-12-17T23:06:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:10208", initial_release_date: "2024-11-25T00:12:13+00:00", revision_history: [ { date: "2024-11-25T00:12:13+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-25T00:12:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T23:06:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", product: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", product_id: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-1.SP1_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", product: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", product_id: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", product: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", product_id: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-2.redhat_00003.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", product: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", product_id: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-26.redhat_00015.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", product: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", product_id: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", product: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", product_id: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00005.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", product_id: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00005.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", product: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", product_id: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-1.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", product: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", product_id: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-2.redhat_00003.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", product_id: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-26.redhat_00015.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle-mail@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle-prov@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_id: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product: { name: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_id: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", }, product_reference: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", }, product_reference: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", }, product_reference: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", }, product_reference: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", }, product_reference: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", }, product_reference: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2020-7238", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2020-01-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1796225", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch's security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we're reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-7238", }, { category: "external", summary: "RHBZ#1796225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1796225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-7238", url: "https://www.cve.org/CVERecord?id=CVE-2020-7238", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-7238", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-7238", }, { category: "external", summary: "https://netty.io/news/2019/12/18/4-1-44-Final.html", url: "https://netty.io/news/2019/12/18/4-1-44-Final.html", }, ], release_date: "2020-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling", }, { cve: "CVE-2020-28052", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2021-01-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1912881", }, ], notes: [ { category: "description", text: "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", ], known_not_affected: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-28052", }, { category: "external", summary: "RHBZ#1912881", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1912881", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-28052", url: "https://www.cve.org/CVERecord?id=CVE-2020-28052", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", }, ], release_date: "2020-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", ], known_not_affected: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, discovery_date: "2022-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2108554", }, ], notes: [ { category: "description", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "RHBZ#2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-34169", url: "https://www.cve.org/CVERecord?id=CVE-2022-34169", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", }, ], release_date: "2022-07-19T20:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", }, { cve: "CVE-2022-41853", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136141", }, ], notes: [ { category: "description", text: "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", title: "Vulnerability description", }, { category: "summary", text: "hsqldb: Untrusted input may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41853", }, { category: "external", summary: "RHBZ#2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41853", url: "https://www.cve.org/CVERecord?id=CVE-2022-41853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", }, { category: "external", summary: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", url: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", }, { category: "external", summary: "https://github.com/advisories/GHSA-77xx-rxvh-q682", url: "https://github.com/advisories/GHSA-77xx-rxvh-q682", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hsqldb: Untrusted input may lead to RCE attack", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", ], known_not_affected: [ "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-3171", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2213639", }, ], notes: [ { category: "description", text: "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "eap-7: heap exhaustion via deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3171", }, { category: "external", summary: "RHBZ#2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3171", url: "https://www.cve.org/CVERecord?id=CVE-2023-3171", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "eap-7: heap exhaustion via deserialization", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2241822", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5685", }, { category: "external", summary: "RHBZ#2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5685", url: "https://www.cve.org/CVERecord?id=CVE-2023-5685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", }, { cve: "CVE-2023-26464", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182864", }, ], notes: [ { category: "description", text: "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", title: "Vulnerability description", }, { category: "summary", text: "log4j1-socketappender: DoS via hashmap logging", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26464", }, { category: "external", summary: "RHBZ#2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26464", url: "https://www.cve.org/CVERecord?id=CVE-2023-26464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", }, { category: "external", summary: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", url: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", }, ], release_date: "2023-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j1-socketappender: DoS via hashmap logging", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242521", }, ], notes: [ { category: "description", text: "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39410", }, { category: "external", summary: "RHBZ#2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39410", url: "https://www.cve.org/CVERecord?id=CVE-2023-39410", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", }, { category: "external", summary: "https://issues.apache.org/jira/browse/AVRO-3819", url: "https://issues.apache.org/jira/browse/AVRO-3819", }, ], release_date: "2023-09-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270732", }, ], notes: [ { category: "description", text: "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", title: "Vulnerability description", }, { category: "summary", text: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28752", }, { category: "external", summary: "RHBZ#2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28752", url: "https://www.cve.org/CVERecord?id=CVE-2024-28752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", }, { category: "external", summary: "https://github.com/advisories/GHSA-qmgx-j96g-4428", url: "https://github.com/advisories/GHSA-qmgx-j96g-4428", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024_8064
Vulnerability from csaf_redhat
Published
2024-10-14 15:53
Modified
2024-12-12 21:45
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.3 for Spring Boot security update.
Notes
Topic
Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)
* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)
* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)
* org.springframework/spring-web: Spring Framework DoS via conditional HTTP request (CVE-2024-38809)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)\n\n* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)\n\n* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (CVE-2024-45294)\n\n* org.springframework/spring-web: Spring Framework DoS via conditional HTTP request (CVE-2024-38809)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:8064", url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", summary: "2314495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314495", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8064.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.3 for Spring Boot security update.", tracking: { current_release_date: "2024-12-12T21:45:48+00:00", generator: { date: "2024-12-12T21:45:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:8064", initial_release_date: "2024-10-14T15:53:39+00:00", revision_history: [ { date: "2024-10-14T15:53:39+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-14T15:53:39+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-12T21:45:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 4.4.3 for Spring Boot", product: { name: "Red Hat build of Apache Camel 4.4.3 for Spring Boot", product_id: "Red Hat build of Apache Camel 4.4.3 for Spring Boot", product_identification_helper: { cpe: "cpe:/a:redhat:apache_camel_spring_boot:4.4.3", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-04T17:02:58.468000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309764", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Nimbus Jose JWT package. This issue could allow an attacker to use a malicious large JWE p2c header value for PasswordBasedDecrypter and cause a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-52428", }, { category: "external", summary: "RHBZ#2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-52428", url: "https://www.cve.org/CVERecord?id=CVE-2023-52428", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", }, ], release_date: "2024-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", }, { cve: "CVE-2024-38809", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-24T20:00:28.839621+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314495", }, ], notes: [ { category: "description", text: "A flaw was found in the Spring Web (org.springframework:spring-web) package. Due to improper ETag prefix validation when the application parses ETags from the `If-Match` or `If-None-Match` request headers, an attacker can trigger a denial of service by sending a maliciously crafted conditional HTTP request.", title: "Vulnerability description", }, { category: "summary", text: "org.springframework:spring-web: Spring Framework DoS via conditional HTTP request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38809", }, { category: "external", summary: "RHBZ#2314495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314495", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38809", url: "https://www.cve.org/CVERecord?id=CVE-2024-38809", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38809", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38809", }, { category: "external", summary: "http://github.com/spring-projects/spring-framework", url: "http://github.com/spring-projects/spring-framework", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3", url: "https://github.com/spring-projects/spring-framework/commit/582bfccbb72e5c8959a0b472d1dc7d03a20520f3", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533", url: "https://github.com/spring-projects/spring-framework/commit/8d16a50907c11f7e6b407d878a26e84eba08a533", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85", url: "https://github.com/spring-projects/spring-framework/commit/bb17ad8314b81850a939fd265fb53b3361705e85", }, { category: "external", summary: "https://github.com/spring-projects/spring-framework/issues/33372", url: "https://github.com/spring-projects/spring-framework/issues/33372", }, { category: "external", summary: "https://spring.io/security/cve-2024-38809", url: "https://spring.io/security/cve-2024-38809", }, ], release_date: "2024-09-24T18:34:43+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.springframework:spring-web: Spring Framework DoS via conditional HTTP request", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-09-13T06:20:08.422867+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312060", }, ], notes: [ { category: "description", text: "A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a FileSystemResource location.", title: "Vulnerability description", }, { category: "summary", text: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", title: "Vulnerability summary", }, { category: "other", text: "Path traversal vulnerabilities in applications that serve static resources via RouterFunctions and FileSystemResource pose a important security risk, as they allow attackers to bypass access controls and retrieve arbitrary files from the server's filesystem. This type of attack can lead to unauthorized exposure of sensitive data, such as configuration files, environment variables, or authentication credentials. If exploited, it can further facilitate privilege escalation, lateral movement, or remote code execution within the system. Given the broad access it grants to the server's filesystem, the potential for system compromise makes path traversal vulnerabilities a high-severity issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38816", }, { category: "external", summary: "RHBZ#2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38816", url: "https://www.cve.org/CVERecord?id=CVE-2024-38816", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", }, { category: "external", summary: "https://spring.io/security/cve-2024-38816", url: "https://spring.io/security/cve-2024-38816", }, ], release_date: "2024-09-13T06:15:11.190000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", }, { cve: "CVE-2024-45294", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2024-09-06T16:20:11.403869+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310447", }, ], notes: [ { category: "description", text: "A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This issue impacts use cases where org.hl7.fhir.core is being used within a host where external clients can submit XML.", title: "Vulnerability description", }, { category: "summary", text: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is of significant severity because it allows for XML External Entity (XXE) injection, which can lead to unauthorized access and leakage of sensitive data from the host system. In environments where external clients are permitted to submit XML files, an attacker could craft a malicious XML containing a DTD (Document Type Definition) that references external entities. When processed, this could result in the unauthorized disclosure of files, environmental variables, or other confidential data from the server, potentially compromising the integrity and confidentiality of the system.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45294", }, { category: "external", summary: "RHBZ#2310447", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310447", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45294", url: "https://www.cve.org/CVERecord?id=CVE-2024-45294", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45294", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", url: "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23", }, { category: "external", summary: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", url: "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf", }, ], release_date: "2024-09-06T16:15:03.300000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T15:53:39+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.4.3 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024:8093
Vulnerability from csaf_redhat
Published
2024-10-14 19:55
Modified
2025-03-03 15:28
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:8093", url: "https://access.redhat.com/errata/RHSA-2024:8093", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8093.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update", tracking: { current_release_date: "2025-03-03T15:28:48+00:00", generator: { date: "2025-03-03T15:28:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:8093", initial_release_date: "2024-10-14T19:55:01+00:00", revision_history: [ { date: "2024-10-14T19:55:01+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-14T19:55:01+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:28:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T19:55:01+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: \nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8093", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024:7812
Vulnerability from csaf_redhat
Published
2024-10-08 16:04
Modified
2025-03-03 15:28
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7812", url: "https://access.redhat.com/errata/RHSA-2024:7812", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7812.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update", tracking: { current_release_date: "2025-03-03T15:28:30+00:00", generator: { date: "2025-03-03T15:28:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:7812", initial_release_date: "2024-10-08T16:04:06+00:00", revision_history: [ { date: "2024-10-08T16:04:06+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-08T16:04:06+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:28:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-08T16:04:06+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7812", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024:7811
Vulnerability from csaf_redhat
Published
2024-10-08 16:08
Modified
2025-03-03 15:29
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7811", url: "https://access.redhat.com/errata/RHSA-2024:7811", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7811.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 Security update", tracking: { current_release_date: "2025-03-03T15:29:44+00:00", generator: { date: "2025-03-03T15:29:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:7811", initial_release_date: "2024-10-08T16:08:21+00:00", revision_history: [ { date: "2024-10-08T16:08:21+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-08T16:08:21+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:29:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 9", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el9eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-08T16:08:21+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7811", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024:10208
Vulnerability from csaf_redhat
Published
2024-11-25 00:12
Modified
2025-03-19 10:23
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible [eap-7.1.z] (CVE-2020-28052)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.1.z] (CVE-2022-41853)
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.1.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.1.z] (CVE-2022-23221)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.1.z] (CVE-2022-46364)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.1.z] (CVE-2022-34169)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.1.z] (CVE-2023-26464)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.1.z] (CVE-2023-5685)
* server: eap-7: heap exhaustion via deserialization [eap-7.1.z] (CVE-2023-3171)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [eap-7.1.z] (CVE-2020-7238)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.1.z] (CVE-2023-39410)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.1.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible [eap-7.1.z] (CVE-2020-28052)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.1.z] (CVE-2022-41853)\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.1.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.1.z] (CVE-2022-23221)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.1.z] (CVE-2022-46364)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.1.z] (CVE-2022-34169)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.1.z] (CVE-2023-26464)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.1.z] (CVE-2023-5685)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.1.z] (CVE-2023-3171)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [eap-7.1.z] (CVE-2020-7238)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.1.z] (CVE-2023-39410)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.1.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10208", url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index", }, { category: "external", summary: "1796225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1796225", }, { category: "external", summary: "1912881", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1912881", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "JBEAP-27708", url: "https://issues.redhat.com/browse/JBEAP-27708", }, { category: "external", summary: "JBEAP-28086", url: "https://issues.redhat.com/browse/JBEAP-28086", }, { category: "external", summary: "JBEAP-28130", url: "https://issues.redhat.com/browse/JBEAP-28130", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10208.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update", tracking: { current_release_date: "2025-03-19T10:23:56+00:00", generator: { date: "2025-03-19T10:23:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:10208", initial_release_date: "2024-11-25T00:12:13+00:00", revision_history: [ { date: "2024-11-25T00:12:13+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-25T00:12:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T10:23:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", product: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", product_id: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-1.SP1_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", product: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", product_id: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", product: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", product_id: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-2.redhat_00003.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", product: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", product_id: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-26.redhat_00015.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", product: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", product_id: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", product: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", product_id: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00005.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", product_id: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00005.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", product: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", product_id: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-1.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", product: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", product_id: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-2.redhat_00003.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", product_id: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-26.redhat_00015.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle-mail@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle-prov@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_id: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product: { name: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_id: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", }, product_reference: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", }, product_reference: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", }, product_reference: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", }, product_reference: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", }, product_reference: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", }, product_reference: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2020-7238", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2020-01-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1796225", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch's security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we're reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-7238", }, { category: "external", summary: "RHBZ#1796225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1796225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-7238", url: "https://www.cve.org/CVERecord?id=CVE-2020-7238", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-7238", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-7238", }, { category: "external", summary: "https://netty.io/news/2019/12/18/4-1-44-Final.html", url: "https://netty.io/news/2019/12/18/4-1-44-Final.html", }, ], release_date: "2020-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling", }, { cve: "CVE-2020-28052", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2021-01-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1912881", }, ], notes: [ { category: "description", text: "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", ], known_not_affected: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-28052", }, { category: "external", summary: "RHBZ#1912881", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1912881", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-28052", url: "https://www.cve.org/CVERecord?id=CVE-2020-28052", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", }, ], release_date: "2020-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", ], known_not_affected: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, discovery_date: "2022-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2108554", }, ], notes: [ { category: "description", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "RHBZ#2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-34169", url: "https://www.cve.org/CVERecord?id=CVE-2022-34169", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", }, ], release_date: "2022-07-19T20:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", }, { cve: "CVE-2022-41853", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136141", }, ], notes: [ { category: "description", text: "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", title: "Vulnerability description", }, { category: "summary", text: "hsqldb: Untrusted input may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41853", }, { category: "external", summary: "RHBZ#2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41853", url: "https://www.cve.org/CVERecord?id=CVE-2022-41853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", }, { category: "external", summary: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", url: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", }, { category: "external", summary: "https://github.com/advisories/GHSA-77xx-rxvh-q682", url: "https://github.com/advisories/GHSA-77xx-rxvh-q682", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hsqldb: Untrusted input may lead to RCE attack", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", ], known_not_affected: [ "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-3171", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2213639", }, ], notes: [ { category: "description", text: "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "eap-7: heap exhaustion via deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3171", }, { category: "external", summary: "RHBZ#2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3171", url: "https://www.cve.org/CVERecord?id=CVE-2023-3171", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "eap-7: heap exhaustion via deserialization", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2241822", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5685", }, { category: "external", summary: "RHBZ#2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5685", url: "https://www.cve.org/CVERecord?id=CVE-2023-5685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", }, { cve: "CVE-2023-26464", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182864", }, ], notes: [ { category: "description", text: "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", title: "Vulnerability description", }, { category: "summary", text: "log4j1-socketappender: DoS via hashmap logging", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26464", }, { category: "external", summary: "RHBZ#2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26464", url: "https://www.cve.org/CVERecord?id=CVE-2023-26464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", }, { category: "external", summary: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", url: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", }, ], release_date: "2023-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j1-socketappender: DoS via hashmap logging", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242521", }, ], notes: [ { category: "description", text: "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39410", }, { category: "external", summary: "RHBZ#2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39410", url: "https://www.cve.org/CVERecord?id=CVE-2023-39410", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", }, { category: "external", summary: "https://issues.apache.org/jira/browse/AVRO-3819", url: "https://issues.apache.org/jira/browse/AVRO-3819", }, ], release_date: "2023-09-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270732", }, ], notes: [ { category: "description", text: "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", title: "Vulnerability description", }, { category: "summary", text: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28752", }, { category: "external", summary: "RHBZ#2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28752", url: "https://www.cve.org/CVERecord?id=CVE-2024-28752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", }, { category: "external", summary: "https://github.com/advisories/GHSA-qmgx-j96g-4428", url: "https://github.com/advisories/GHSA-qmgx-j96g-4428", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
RHSA-2024:7676
Vulnerability from csaf_redhat
Published
2024-10-10 13:43
Modified
2025-03-03 15:50
Summary
Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update
Notes
Topic
An update is now available for Red Hat build of Quarkus.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability. For
more information, see the CVE links in the References section.
Details
This release of Red Hat build of Quarkus 3.2.12.SP1 contains security updates. For more information, see the release notes
page listed in the References section.
Security Fix(es):
* com.google.protobuf/protobuf: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)
* org.eclipse.angus/angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication (CVE-2021-44549)
* com.graphql-java.graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java (CVE-2024-40094)
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat build of Quarkus. \nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability. For\nmore information, see the CVE links in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat build of Quarkus 3.2.12.SP1 contains security updates. For more information, see the release notes\npage listed in the References section.\n\nSecurity Fix(es):\n\n* com.google.protobuf/protobuf: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)\n\n* org.eclipse.angus/angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication (CVE-2021-44549)\n\n* com.graphql-java.graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java (CVE-2024-40094)\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7676", url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7676.json", }, ], title: "Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update", tracking: { current_release_date: "2025-03-03T15:50:42+00:00", generator: { date: "2025-03-03T15:50:42+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:7676", initial_release_date: "2024-10-10T13:43:59+00:00", revision_history: [ { date: "2024-10-10T13:43:59+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-10T13:43:59+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:50:42+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Quarkus 3.2", product: { name: "Red Hat build of Quarkus 3.2", product_id: "Red Hat build of Quarkus 3.2", product_identification_helper: { cpe: "cpe:/a:redhat:quarkus:3.2::el8", }, }, }, ], category: "product_family", name: "Red Hat build of Quarkus", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-44549", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2024-10-01T01:34:34.576000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2315808", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Sling Commons Messaging Mail(angus-mail), which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to \"man-in-the-middle\" attacks and can allow insecure email communication.", title: "Vulnerability description", }, { category: "summary", text: "angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability should be considered of important severity rather than moderate because it directly impacts the integrity and confidentiality of email communications over SMTPS. By disabling server identity checks, it leaves the communication channel vulnerable to \"man-in-the-middle\" (MITM) attacks, where an attacker could intercept, alter, or eavesdrop on email traffic by impersonating the legitimate mail server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44549", }, { category: "external", summary: "RHBZ#2315808", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2315808", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44549", url: "https://www.cve.org/CVERecord?id=CVE-2021-44549", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44549", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44549", }, ], release_date: "2023-11-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Quarkus 3.2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Quarkus 3.2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-40094", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-07-30T07:20:08+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2301456", }, ], notes: [ { category: "description", text: "A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered during the introspection query process. This issue could lead to resource exhaustion and service disruption under certain conditions.", title: "Vulnerability description", }, { category: "summary", text: "graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-40094", }, { category: "external", summary: "RHBZ#2301456", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2301456", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-40094", url: "https://www.cve.org/CVERecord?id=CVE-2024-40094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-40094", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-40094", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a", url: "https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/discussions/3641", url: "https://github.com/graphql-java/graphql-java/discussions/3641", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/pull/3539", url: "https://github.com/graphql-java/graphql-java/pull/3539", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/releases/tag/v19.11", url: "https://github.com/graphql-java/graphql-java/releases/tag/v19.11", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/releases/tag/v20.9", url: "https://github.com/graphql-java/graphql-java/releases/tag/v20.9", }, { category: "external", summary: "https://github.com/graphql-java/graphql-java/releases/tag/v21.5", url: "https://github.com/graphql-java/graphql-java/releases/tag/v21.5", }, ], release_date: "2024-07-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Quarkus 3.2", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T13:43:59+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Quarkus 3.2", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Quarkus 3.2", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Quarkus 3.2", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024:8339
Vulnerability from csaf_redhat
Published
2024-10-22 18:29
Modified
2025-03-19 10:23
Summary
Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.
Notes
Topic
Red Hat Integration Camel K 1.10.8 release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Camel K 1.10.8 is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
* org.apache.camel-camel-cassandraql: : Apache Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository (CVE-2024-23114)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE important page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Integration Camel K 1.10.8 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Camel K 1.10.8 is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\n* org.apache.camel-camel-cassandraql: : Apache Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository (CVE-2024-23114)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE important page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:8339", url: "https://access.redhat.com/errata/RHSA-2024:8339", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2265053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265053", }, { category: "external", summary: "2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8339.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.", tracking: { current_release_date: "2025-03-19T10:23:36+00:00", generator: { date: "2025-03-19T10:23:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:8339", initial_release_date: "2024-10-22T18:29:33+00:00", revision_history: [ { date: "2024-10-22T18:29:33+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-22T18:29:33+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T10:23:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-K 1.10.8", product: { name: "RHINT Camel-K 1.10.8", product_id: "RHINT Camel-K 1.10.8", product_identification_helper: { cpe: "cpe:/a:redhat:camel_k:1.10.8", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-23114", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2265053", }, ], notes: [ { category: "description", text: "A deserialization of untrusted data flaw was found in the Apache Camel CassandraQL Component AggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload.", title: "Vulnerability description", }, { category: "summary", text: "Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-K 1.10.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23114", }, { category: "external", summary: "RHBZ#2265053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265053", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23114", url: "https://www.cve.org/CVERecord?id=CVE-2024-23114", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23114", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23114", }, { category: "external", summary: "https://camel.apache.org/", url: "https://camel.apache.org/", }, { category: "external", summary: "https://issues.apache.org/jira/browse/CAMEL-20306", url: "https://issues.apache.org/jira/browse/CAMEL-20306", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-22T18:29:33+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-K 1.10.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8339", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-K 1.10.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270732", }, ], notes: [ { category: "description", text: "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", title: "Vulnerability description", }, { category: "summary", text: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-K 1.10.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28752", }, { category: "external", summary: "RHBZ#2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28752", url: "https://www.cve.org/CVERecord?id=CVE-2024-28752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", }, { category: "external", summary: "https://github.com/advisories/GHSA-qmgx-j96g-4428", url: "https://github.com/advisories/GHSA-qmgx-j96g-4428", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-22T18:29:33+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-K 1.10.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8339", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", product_ids: [ "RHINT Camel-K 1.10.8", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-K 1.10.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-K 1.10.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-22T18:29:33+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-K 1.10.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8339", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "RHINT Camel-K 1.10.8", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-K 1.10.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
RHSA-2024:10207
Vulnerability from csaf_redhat
Published
2024-11-25 00:12
Modified
2025-03-19 10:23
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)
* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)
* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)
* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)\n\n* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10207", url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index", }, { category: "external", summary: "2010378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010378", }, { category: "external", summary: "2031667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031667", }, { category: "external", summary: "2041959", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041959", }, { category: "external", summary: "2041967", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041967", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "JBEAP-23025", url: "https://issues.redhat.com/browse/JBEAP-23025", }, { category: "external", summary: "JBEAP-28084", url: "https://issues.redhat.com/browse/JBEAP-28084", }, { category: "external", summary: "JBEAP-28089", url: "https://issues.redhat.com/browse/JBEAP-28089", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10207.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update", tracking: { current_release_date: "2025-03-19T10:23:44+00:00", generator: { date: "2025-03-19T10:23:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:10207", initial_release_date: "2024-11-25T00:12:17+00:00", revision_history: [ { date: "2024-11-25T00:12:17+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-25T00:12:17+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T10:23:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", product: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", product_id: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", product: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", product_id: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", product: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", product_id: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", product: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", product_id: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", product_id: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", product: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", product_id: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", product: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", product_id: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", product: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", product_id: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", product: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", product_id: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", product: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", product_id: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product: { name: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_id: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", product: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", product_id: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-bindings@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-policy@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", product: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", product_id: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", product: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", product_id: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", product: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", product_id: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", product: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", product_id: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product: { name: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_id: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product: { name: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_id: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", }, product_reference: "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", }, product_reference: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", }, product_reference: "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", }, product_reference: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", }, product_reference: "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", }, product_reference: "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", }, product_reference: "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", }, product_reference: "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", }, product_reference: "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", }, product_reference: "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", }, product_reference: "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.3-EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2021-3859", cwe: { id: "CWE-214", name: "Invocation of Process Using Visible Sensitive Information", }, discovery_date: "2021-09-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2010378", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.", title: "Vulnerability description", }, { category: "summary", text: "undertow: client side invocation timeout raised when calling over HTTP2", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-3859", }, { category: "external", summary: "RHBZ#2010378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010378", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-3859", url: "https://www.cve.org/CVERecord?id=CVE-2021-3859", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", }, ], release_date: "2022-02-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: client side invocation timeout raised when calling over HTTP2", }, { cve: "CVE-2021-4104", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-12-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2031667", }, ], notes: [ { category: "description", text: "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint.", title: "Vulnerability description", }, { category: "summary", text: "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", title: "Vulnerability summary", }, { category: "other", text: "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker's JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker's control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-4104", }, { category: "external", summary: "RHBZ#2031667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031667", }, { category: "external", summary: "RHSB-2021-009", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-4104", url: "https://www.cve.org/CVERecord?id=CVE-2021-4104", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", }, { category: "external", summary: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", url: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", }, { category: "external", summary: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", url: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", }, { category: "external", summary: "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", url: "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2021/12/13/1", url: "https://www.openwall.com/lists/oss-security/2021/12/13/1", }, ], release_date: "2021-12-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { cve: "CVE-2022-23305", cwe: { id: "CWE-89", name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, discovery_date: "2022-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041959", }, ], notes: [ { category: "description", text: "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", title: "Vulnerability description", }, { category: "summary", text: "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", title: "Vulnerability summary", }, { category: "other", text: "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23305", }, { category: "external", summary: "RHBZ#2041959", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041959", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23305", url: "https://www.cve.org/CVERecord?id=CVE-2022-23305", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2022/01/18/4", url: "https://www.openwall.com/lists/oss-security/2022/01/18/4", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server's jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", }, { cve: "CVE-2022-23307", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2041967", }, ], notes: [ { category: "description", text: "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.", title: "Vulnerability description", }, { category: "summary", text: "log4j: Unsafe deserialization flaw in Chainsaw log viewer", title: "Vulnerability summary", }, { category: "other", text: "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23307", }, { category: "external", summary: "RHBZ#2041967", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041967", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23307", url: "https://www.cve.org/CVERecord?id=CVE-2022-23307", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2022/01/18/5", url: "https://www.openwall.com/lists/oss-security/2022/01/18/5", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j: Unsafe deserialization flaw in Chainsaw log viewer", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, discovery_date: "2022-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2108554", }, ], notes: [ { category: "description", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "RHBZ#2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-34169", url: "https://www.cve.org/CVERecord?id=CVE-2022-34169", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", }, ], release_date: "2022-07-19T20:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", }, { cve: "CVE-2022-41853", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136141", }, ], notes: [ { category: "description", text: "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", title: "Vulnerability description", }, { category: "summary", text: "hsqldb: Untrusted input may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41853", }, { category: "external", summary: "RHBZ#2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41853", url: "https://www.cve.org/CVERecord?id=CVE-2022-41853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", }, { category: "external", summary: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", url: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", }, { category: "external", summary: "https://github.com/advisories/GHSA-77xx-rxvh-q682", url: "https://github.com/advisories/GHSA-77xx-rxvh-q682", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hsqldb: Untrusted input may lead to RCE attack", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-3171", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2213639", }, ], notes: [ { category: "description", text: "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "eap-7: heap exhaustion via deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3171", }, { category: "external", summary: "RHBZ#2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3171", url: "https://www.cve.org/CVERecord?id=CVE-2023-3171", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "eap-7: heap exhaustion via deserialization", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2241822", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5685", }, { category: "external", summary: "RHBZ#2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5685", url: "https://www.cve.org/CVERecord?id=CVE-2023-5685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", }, { cve: "CVE-2023-26464", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182864", }, ], notes: [ { category: "description", text: "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", title: "Vulnerability description", }, { category: "summary", text: "log4j1-socketappender: DoS via hashmap logging", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26464", }, { category: "external", summary: "RHBZ#2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26464", url: "https://www.cve.org/CVERecord?id=CVE-2023-26464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", }, { category: "external", summary: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", url: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", }, ], release_date: "2023-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j1-socketappender: DoS via hashmap logging", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242521", }, ], notes: [ { category: "description", text: "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39410", }, { category: "external", summary: "RHBZ#2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39410", url: "https://www.cve.org/CVERecord?id=CVE-2023-39410", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", }, { category: "external", summary: "https://issues.apache.org/jira/browse/AVRO-3819", url: "https://issues.apache.org/jira/browse/AVRO-3819", }, ], release_date: "2023-09-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270732", }, ], notes: [ { category: "description", text: "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", title: "Vulnerability description", }, { category: "summary", text: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28752", }, { category: "external", summary: "RHBZ#2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28752", url: "https://www.cve.org/CVERecord?id=CVE-2024-28752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", }, { category: "external", summary: "https://github.com/advisories/GHSA-qmgx-j96g-4428", url: "https://github.com/advisories/GHSA-qmgx-j96g-4428", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:17+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024_8093
Vulnerability from csaf_redhat
Published
2024-10-14 19:55
Modified
2024-12-04 22:57
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:8093", url: "https://access.redhat.com/errata/RHSA-2024:8093", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8093.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update", tracking: { current_release_date: "2024-12-04T22:57:35+00:00", generator: { date: "2024-12-04T22:57:35+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2024:8093", initial_release_date: "2024-10-14T19:55:01+00:00", revision_history: [ { date: "2024-10-14T19:55:01+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-14T19:55:01+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-04T22:57:35+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-14T19:55:01+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: \nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8093", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024_7812
Vulnerability from csaf_redhat
Published
2024-10-08 16:04
Modified
2024-12-04 22:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7812", url: "https://access.redhat.com/errata/RHSA-2024:7812", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7812.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update", tracking: { current_release_date: "2024-12-04T22:56:45+00:00", generator: { date: "2024-12-04T22:56:45+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2024:7812", initial_release_date: "2024-10-08T16:04:06+00:00", revision_history: [ { date: "2024-10-08T16:04:06+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-08T16:04:06+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-04T22:56:45+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7", product: { name: "Red Hat JBoss Enterprise Application Platform 7", product_id: "Red Hat JBoss Enterprise Application Platform 7", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-08T16:04:06+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7812", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Enterprise Application Platform 7", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024_7861
Vulnerability from csaf_redhat
Published
2024-10-09 12:35
Modified
2024-12-04 22:56
Summary
Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.5 GA ]
Notes
Topic
An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat build of Apicurio Registry 2.6.5 GA includes the following security fixes.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) [rhint-serv-2] (CVE-2024-47561)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat build of Apicurio Registry 2.6.5 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) [rhint-serv-2] (CVE-2024-47561)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7861", url: "https://access.redhat.com/errata/RHSA-2024:7861", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_build_of_apicurio_registry/2.6", url: "https://docs.redhat.com/en/documentation/red_hat_build_of_apicurio_registry/2.6", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7861.json", }, ], title: "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.5 GA ]", tracking: { current_release_date: "2024-12-04T22:56:56+00:00", generator: { date: "2024-12-04T22:56:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2024:7861", initial_release_date: "2024-10-09T12:35:14+00:00", revision_history: [ { date: "2024-10-09T12:35:14+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T12:35:14+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-04T22:56:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apicurio Registry 2.6.5 GA", product: { name: "Red Hat build of Apicurio Registry 2.6.5 GA", product_id: "Red Hat build of Apicurio Registry 2.6.5 GA", product_identification_helper: { cpe: "cpe:/a:redhat:apicurio_registry:2.6", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-09T12:35:14+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7861", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024:7861
Vulnerability from csaf_redhat
Published
2024-10-09 12:35
Modified
2025-03-03 15:28
Summary
Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.5 GA ]
Notes
Topic
An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat build of Apicurio Registry 2.6.5 GA includes the following security fixes.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) [rhint-serv-2] (CVE-2024-47561)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat build of Apicurio Registry 2.6.5 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) [rhint-serv-2] (CVE-2024-47561)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7861", url: "https://access.redhat.com/errata/RHSA-2024:7861", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_build_of_apicurio_registry/2.6", url: "https://docs.redhat.com/en/documentation/red_hat_build_of_apicurio_registry/2.6", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7861.json", }, ], title: "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.5 GA ]", tracking: { current_release_date: "2025-03-03T15:28:41+00:00", generator: { date: "2025-03-03T15:28:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:7861", initial_release_date: "2024-10-09T12:35:14+00:00", revision_history: [ { date: "2024-10-09T12:35:14+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T12:35:14+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:28:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apicurio Registry 2.6.5 GA", product: { name: "Red Hat build of Apicurio Registry 2.6.5 GA", product_id: "Red Hat build of Apicurio Registry 2.6.5 GA", product_identification_helper: { cpe: "cpe:/a:redhat:apicurio_registry:2.6", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-09T12:35:14+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7861", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
RHSA-2024:7861
Vulnerability from csaf_redhat
Published
2024-10-09 12:35
Modified
2025-03-03 15:28
Summary
Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.5 GA ]
Notes
Topic
An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat build of Apicurio Registry 2.6.5 GA includes the following security fixes.
Security Fix(es):
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) [rhint-serv-2] (CVE-2024-47561)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat build of Apicurio Registry 2.6.5 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) [rhint-serv-2] (CVE-2024-47561)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7861", url: "https://access.redhat.com/errata/RHSA-2024:7861", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_build_of_apicurio_registry/2.6", url: "https://docs.redhat.com/en/documentation/red_hat_build_of_apicurio_registry/2.6", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7861.json", }, ], title: "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.5 GA ]", tracking: { current_release_date: "2025-03-03T15:28:41+00:00", generator: { date: "2025-03-03T15:28:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:7861", initial_release_date: "2024-10-09T12:35:14+00:00", revision_history: [ { date: "2024-10-09T12:35:14+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T12:35:14+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:28:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apicurio Registry 2.6.5 GA", product: { name: "Red Hat build of Apicurio Registry 2.6.5 GA", product_id: "Red Hat build of Apicurio Registry 2.6.5 GA", product_identification_helper: { cpe: "cpe:/a:redhat:apicurio_registry:2.6", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-09T12:35:14+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7861", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.5 GA", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
RHSA-2024:10208
Vulnerability from csaf_redhat
Published
2024-11-25 00:12
Modified
2025-03-19 10:23
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible [eap-7.1.z] (CVE-2020-28052)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.1.z] (CVE-2022-41853)
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.1.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.1.z] (CVE-2022-23221)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.1.z] (CVE-2022-46364)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.1.z] (CVE-2022-34169)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.1.z] (CVE-2023-26464)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.1.z] (CVE-2023-5685)
* server: eap-7: heap exhaustion via deserialization [eap-7.1.z] (CVE-2023-3171)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [eap-7.1.z] (CVE-2020-7238)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.1.z] (CVE-2023-39410)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.1.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible [eap-7.1.z] (CVE-2020-28052)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.1.z] (CVE-2022-41853)\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.1.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.1.z] (CVE-2022-23221)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.1.z] (CVE-2022-46364)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.1.z] (CVE-2022-34169)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.1.z] (CVE-2023-26464)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.1.z] (CVE-2023-5685)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.1.z] (CVE-2023-3171)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [eap-7.1.z] (CVE-2020-7238)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.1.z] (CVE-2023-39410)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.1.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:10208", url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index", }, { category: "external", summary: "1796225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1796225", }, { category: "external", summary: "1912881", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1912881", }, { category: "external", summary: "2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "JBEAP-27708", url: "https://issues.redhat.com/browse/JBEAP-27708", }, { category: "external", summary: "JBEAP-28086", url: "https://issues.redhat.com/browse/JBEAP-28086", }, { category: "external", summary: "JBEAP-28130", url: "https://issues.redhat.com/browse/JBEAP-28130", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10208.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update", tracking: { current_release_date: "2025-03-19T10:23:56+00:00", generator: { date: "2025-03-19T10:23:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:10208", initial_release_date: "2024-11-25T00:12:13+00:00", revision_history: [ { date: "2024-11-25T00:12:13+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-25T00:12:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T10:23:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", product: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", product_id: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-1.SP1_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", product: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", product_id: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", product: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", product_id: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-2.redhat_00003.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", product: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", product_id: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-26.redhat_00015.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", product: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", product_id: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", product: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", product_id: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00005.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", product_id: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00005.1.ep7.el7?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", product: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", product_id: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-1.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", product: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", product_id: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.7.6-2.redhat_00003.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", product_id: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-26.redhat_00015.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_id: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle-mail@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-bouncycastle-prov@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", product: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", product_id: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00005.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_id: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product: { name: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_id: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", }, product_reference: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", }, product_reference: "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", }, product_reference: "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", }, product_reference: "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", }, product_reference: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", }, product_reference: "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", }, product_reference: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", }, product_reference: "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", }, product_reference: "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", product_id: "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", relates_to_product_reference: "7Server-JBEAP-7.1-EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2020-7238", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2020-01-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1796225", }, ], notes: [ { category: "description", text: "A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch's security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we're reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-7238", }, { category: "external", summary: "RHBZ#1796225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1796225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-7238", url: "https://www.cve.org/CVERecord?id=CVE-2020-7238", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-7238", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-7238", }, { category: "external", summary: "https://netty.io/news/2019/12/18/4-1-44-Final.html", url: "https://netty.io/news/2019/12/18/4-1-44-Final.html", }, ], release_date: "2020-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling", }, { cve: "CVE-2020-28052", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2021-01-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1912881", }, ], notes: [ { category: "description", text: "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", ], known_not_affected: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-28052", }, { category: "external", summary: "RHBZ#1912881", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1912881", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-28052", url: "https://www.cve.org/CVERecord?id=CVE-2020-28052", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", }, ], release_date: "2020-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", }, { cve: "CVE-2022-23221", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044596", }, ], notes: [ { category: "description", text: "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", title: "Vulnerability description", }, { category: "summary", text: "h2: Loading of custom classes from remote servers through JNDI", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", ], known_not_affected: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23221", }, { category: "external", summary: "RHBZ#2044596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23221", url: "https://www.cve.org/CVERecord?id=CVE-2022-23221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", }, { category: "external", summary: "https://github.com/advisories/GHSA-45hx-wfhj-473x", url: "https://github.com/advisories/GHSA-45hx-wfhj-473x", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "h2: Loading of custom classes from remote servers through JNDI", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, discovery_date: "2022-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2108554", }, ], notes: [ { category: "description", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "Vulnerability description", }, { category: "summary", text: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "RHBZ#2108554", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108554", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-34169", url: "https://www.cve.org/CVERecord?id=CVE-2022-34169", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", }, ], release_date: "2022-07-19T20:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", }, { cve: "CVE-2022-41853", cwe: { id: "CWE-470", name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", }, discovery_date: "2022-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2136141", }, ], notes: [ { category: "description", text: "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", title: "Vulnerability description", }, { category: "summary", text: "hsqldb: Untrusted input may lead to RCE attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-41853", }, { category: "external", summary: "RHBZ#2136141", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136141", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-41853", url: "https://www.cve.org/CVERecord?id=CVE-2022-41853", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", }, { category: "external", summary: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", url: "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", }, { category: "external", summary: "https://github.com/advisories/GHSA-77xx-rxvh-q682", url: "https://github.com/advisories/GHSA-77xx-rxvh-q682", }, ], release_date: "2022-10-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hsqldb: Untrusted input may lead to RCE attack", }, { cve: "CVE-2022-46364", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2022-12-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2155682", }, ], notes: [ { category: "description", text: "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", title: "Vulnerability description", }, { category: "summary", text: "CXF: SSRF Vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", ], known_not_affected: [ "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-46364", }, { category: "external", summary: "RHBZ#2155682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-46364", url: "https://www.cve.org/CVERecord?id=CVE-2022-46364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", url: "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", }, ], release_date: "2022-12-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "CXF: SSRF Vulnerability", }, { cve: "CVE-2023-3171", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, discovery_date: "2023-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2213639", }, ], notes: [ { category: "description", text: "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", title: "Vulnerability description", }, { category: "summary", text: "eap-7: heap exhaustion via deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3171", }, { category: "external", summary: "RHBZ#2213639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213639", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3171", url: "https://www.cve.org/CVERecord?id=CVE-2023-3171", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "eap-7: heap exhaustion via deserialization", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2241822", }, ], notes: [ { category: "description", text: "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5685", }, { category: "external", summary: "RHBZ#2241822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5685", url: "https://www.cve.org/CVERecord?id=CVE-2023-5685", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "xnio: StackOverflowException when the chain of notifier states becomes problematically big", }, { cve: "CVE-2023-26464", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-03-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182864", }, ], notes: [ { category: "description", text: "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", title: "Vulnerability description", }, { category: "summary", text: "log4j1-socketappender: DoS via hashmap logging", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26464", }, { category: "external", summary: "RHBZ#2182864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26464", url: "https://www.cve.org/CVERecord?id=CVE-2023-26464", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", }, { category: "external", summary: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", url: "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", }, ], release_date: "2023-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "log4j1-socketappender: DoS via hashmap logging", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242521", }, ], notes: [ { category: "description", text: "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39410", }, { category: "external", summary: "RHBZ#2242521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242521", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39410", url: "https://www.cve.org/CVERecord?id=CVE-2023-39410", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", }, { category: "external", summary: "https://issues.apache.org/jira/browse/AVRO-3819", url: "https://issues.apache.org/jira/browse/AVRO-3819", }, ], release_date: "2023-09-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270732", }, ], notes: [ { category: "description", text: "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", title: "Vulnerability description", }, { category: "summary", text: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28752", }, { category: "external", summary: "RHBZ#2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28752", url: "https://www.cve.org/CVERecord?id=CVE-2024-28752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", }, { category: "external", summary: "https://github.com/advisories/GHSA-qmgx-j96g-4428", url: "https://github.com/advisories/GHSA-qmgx-j96g-4428", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-25T00:12:13+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:10208", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
RHSA-2024:7972
Vulnerability from csaf_redhat
Published
2024-10-10 14:00
Modified
2025-03-03 15:28
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1)
Notes
Topic
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Red Hat Product Security has rated this update as having a security impact of Critical.
Details
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
* CVE-2024-47561 org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE)
* CVE-2024-7254 com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\nRed Hat Product Security has rated this update as having a security impact of Critical.", title: "Topic", }, { category: "general", text: "An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n* CVE-2024-47561 org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE)\n* CVE-2024-7254 com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7972", url: "https://access.redhat.com/errata/RHSA-2024:7972", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7972.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP1)", tracking: { current_release_date: "2025-03-03T15:28:51+00:00", generator: { date: "2025-03-03T15:28:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:7972", initial_release_date: "2024-10-10T14:00:25+00:00", revision_history: [ { date: "2024-10-10T14:00:25+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-10T14:00:25+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:28:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 4 for Quarkus 3", product: { name: "Red Hat build of Apache Camel 4 for Quarkus 3", product_id: "Red Hat build of Apache Camel 4 for Quarkus 3", product_identification_helper: { cpe: "cpe:/a:redhat:camel_quarkus:3.8", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T14:00:25+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7972", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-10T14:00:25+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7972", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4 for Quarkus 3", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
RHSA-2024:7811
Vulnerability from csaf_redhat
Published
2024-10-08 16:08
Modified
2025-03-03 15:29
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* apache-avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7811", url: "https://access.redhat.com/errata/RHSA-2024:7811", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#critical", url: "https://access.redhat.com/security/updates/classification/#critical", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7811.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 Security update", tracking: { current_release_date: "2025-03-03T15:29:44+00:00", generator: { date: "2025-03-03T15:29:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2024:7811", initial_release_date: "2024-10-08T16:08:21+00:00", revision_history: [ { date: "2024-10-08T16:08:21+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-08T16:08:21+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T15:29:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", }, }, }, { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 9", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el7eap?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el9eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el7eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", product: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", product_id: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-avro@1.11.4-1.redhat_00001.1.el9eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", product_id: "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", relates_to_product_reference: "7Server-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", relates_to_product_reference: "9Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", product_id: "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", }, product_reference: "eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", relates_to_product_reference: "9Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-08T16:08:21+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7811", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap.src", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap.src", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
rhsa-2024_8339
Vulnerability from csaf_redhat
Published
2024-10-22 18:29
Modified
2024-12-12 09:59
Summary
Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.
Notes
Topic
Red Hat Integration Camel K 1.10.8 release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Camel K 1.10.8 is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)
* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)
* org.apache.camel-camel-cassandraql: : Apache Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository (CVE-2024-23114)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE important page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Integration Camel K 1.10.8 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Camel K 1.10.8 is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)\n\n* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (CVE-2024-47561)\n\n* org.apache.camel-camel-cassandraql: : Apache Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository (CVE-2024-23114)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE important page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:8339", url: "https://access.redhat.com/errata/RHSA-2024:8339", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2265053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265053", }, { category: "external", summary: "2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8339.json", }, ], title: "Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.", tracking: { current_release_date: "2024-12-12T09:59:40+00:00", generator: { date: "2024-12-12T09:59:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:8339", initial_release_date: "2024-10-22T18:29:33+00:00", revision_history: [ { date: "2024-10-22T18:29:33+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-22T18:29:33+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-12T09:59:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHINT Camel-K 1.10.8", product: { name: "RHINT Camel-K 1.10.8", product_id: "RHINT Camel-K 1.10.8", product_identification_helper: { cpe: "cpe:/a:redhat:camel_k:1.10.8", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-23114", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2265053", }, ], notes: [ { category: "description", text: "A deserialization of untrusted data flaw was found in the Apache Camel CassandraQL Component AggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload.", title: "Vulnerability description", }, { category: "summary", text: "Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-K 1.10.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23114", }, { category: "external", summary: "RHBZ#2265053", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265053", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23114", url: "https://www.cve.org/CVERecord?id=CVE-2024-23114", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23114", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23114", }, { category: "external", summary: "https://camel.apache.org/", url: "https://camel.apache.org/", }, { category: "external", summary: "https://issues.apache.org/jira/browse/CAMEL-20306", url: "https://issues.apache.org/jira/browse/CAMEL-20306", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-22T18:29:33+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-K 1.10.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8339", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-K 1.10.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270732", }, ], notes: [ { category: "description", text: "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", title: "Vulnerability description", }, { category: "summary", text: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-K 1.10.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28752", }, { category: "external", summary: "RHBZ#2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28752", url: "https://www.cve.org/CVERecord?id=CVE-2024-28752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", }, { category: "external", summary: "https://github.com/advisories/GHSA-qmgx-j96g-4428", url: "https://github.com/advisories/GHSA-qmgx-j96g-4428", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-22T18:29:33+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-K 1.10.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8339", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", product_ids: [ "RHINT Camel-K 1.10.8", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "RHINT Camel-K 1.10.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2024-10-02T14:04:06.018000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316116", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", title: "Vulnerability description", }, { category: "summary", text: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", title: "Vulnerability summary", }, { category: "other", text: "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "RHINT Camel-K 1.10.8", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47561", }, { category: "external", summary: "RHBZ#2316116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316116", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47561", url: "https://www.cve.org/CVERecord?id=CVE-2024-47561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, ], release_date: "2024-10-03T12:20:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-22T18:29:33+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "RHINT Camel-K 1.10.8", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:8339", }, { category: "workaround", details: "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", product_ids: [ "RHINT Camel-K 1.10.8", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "RHINT Camel-K 1.10.8", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", }, ], }
wid-sec-w-2024-3147
Vulnerability from csaf_certbund
Published
2024-10-10 22:00
Modified
2024-12-12 23:00
Summary
Red Hat Produkte: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Red Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu können.
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Red Hat JBoss Data Grid ist eine verteilte In-Memory-Datenbank für den schnellen Zugriff auf große Datenvolumen und Skalierbarkeit.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat-Produkten ausnutzen, um Dateien zu manipulieren, beliebigen Code auszuführen und einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.\r\nRed Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu können.\r\nRed Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.\r\nApache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.\r\nJBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.\r\nRed Hat JBoss Data Grid ist eine verteilte In-Memory-Datenbank für den schnellen Zugriff auf große Datenvolumen und Skalierbarkeit.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat-Produkten ausnutzen, um Dateien zu manipulieren, beliebigen Code auszuführen und einen Denial-of-Service-Zustand zu erzeugen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3147 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3147.json", }, { category: "self", summary: "WID-SEC-2024-3147 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3147", }, { category: "external", summary: "Red Hat Security Advisory vom 2024-10-10", url: "https://access.redhat.com/errata/RHSA-2024:7670", }, { category: "external", summary: "Red Hat Security Advisory vom 2024-10-10", url: "https://access.redhat.com/errata/RHSA-2024:7676", }, { category: "external", summary: "Red Hat Security Advisory vom 2024-10-10", url: "https://access.redhat.com/errata/RHSA-2024:7972", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8093 vom 2024-10-14", url: "https://access.redhat.com/errata/RHSA-2024:8093", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8329 vom 2024-10-22", url: "https://access.redhat.com/errata/RHSA-2024:8329", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:9571 vom 2024-11-13", url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2693 vom 2024-11-15", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2693.html", }, { category: "external", summary: "NetApp Security Advisory NTAP-20241213-0010 vom 2024-12-13", url: "https://security.netapp.com/advisory/ntap-20241213-0010/", }, ], source_lang: "en-US", title: "Red Hat Produkte: Mehrere Schwachstellen", tracking: { current_release_date: "2024-12-12T23:00:00.000+00:00", generator: { date: "2024-12-13T12:42:03.404+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-3147", initial_release_date: "2024-10-10T22:00:00.000+00:00", revision_history: [ { date: "2024-10-10T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-10-14T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-15T22:00:00.000+00:00", number: "3", summary: "Anpassung im Text", }, { date: "2024-10-22T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-13T23:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-17T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-12-12T23:00:00.000+00:00", number: "7", summary: "Neue Updates von NetApp aufgenommen", }, ], status: "final", version: "7", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Apache Camel", product: { name: "Apache Camel", product_id: "T038266", product_identification_helper: { cpe: "cpe:/a:apache:camel:-", }, }, }, ], category: "vendor", name: "Apache", }, { branches: [ { category: "product_name", name: "NetApp ActiveIQ Unified Manager", product: { name: "NetApp ActiveIQ Unified Manager", product_id: "T016960", product_identification_helper: { cpe: "cpe:/a:netapp:active_iq_unified_manager:-", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "Cryostat 3", product: { name: "Red Hat Enterprise Linux Cryostat 3", product_id: "T036943", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:cryostat_3", }, }, }, { category: "product_version", name: "7", product: { name: "Red Hat Enterprise Linux 7", product_id: "T038260", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7", }, }, }, { category: "product_version", name: "8", product: { name: "Red Hat Enterprise Linux 8", product_id: "T038261", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8", }, }, }, { category: "product_version", name: "9", product: { name: "Red Hat Enterprise Linux 9", product_id: "T038262", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9", }, }, }, { category: "product_version", name: "AI", product: { name: "Red Hat Enterprise Linux AI", product_id: "T038263", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:ai", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version", name: "8", product: { name: "Red Hat JBoss Data Grid 8", product_id: "T038268", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_data_grid:8", }, }, }, ], category: "product_name", name: "JBoss Data Grid", }, { branches: [ { category: "product_version_range", name: "Quarkus <3.8.6.SP1", product: { name: "Red Hat JBoss Enterprise Application Platform Quarkus <3.8.6.SP1", product_id: "T038267", }, }, { category: "product_version", name: "Quarkus 3.8.6.SP1", product: { name: "Red Hat JBoss Enterprise Application Platform Quarkus 3.8.6.SP1", product_id: "T038267-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:quarkus__3.8.6.sp1", }, }, }, { category: "product_version_range", name: "Quarkus <3.2.12.SP1", product: { name: "Red Hat JBoss Enterprise Application Platform Quarkus <3.2.12.SP1", product_id: "T038269", }, }, { category: "product_version", name: "Quarkus 3.2.12.SP1", product: { name: "Red Hat JBoss Enterprise Application Platform Quarkus 3.2.12.SP1", product_id: "T038269-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:quarkus__3.2.12.sp1", }, }, }, ], category: "product_name", name: "JBoss Enterprise Application Platform", }, { category: "product_name", name: "Red Hat OpenShift", product: { name: "Red Hat OpenShift", product_id: "T038265", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:-", }, }, }, { branches: [ { category: "product_version", name: "16.2", product: { name: "Red Hat OpenStack 16.2", product_id: "T038264", product_identification_helper: { cpe: "cpe:/a:redhat:openstack:16.2", }, }, }, ], category: "product_name", name: "OpenStack", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-44549", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in mehreren Red-Hat-Produkten. Dieser Fehler betrifft die Apache Sling Commons Messaging Mail Komponente aufgrund der fehlenden Server-Identitätsprüfung. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er einen Man-in-the-Middle-Angriff durchführt und so den E-Mail-Verkehr abfängt, verändert oder abhört, indem er sich als legitimer Mailserver ausgibt.", }, ], product_status: { known_affected: [ "67646", "T036943", "T038269", "T038265", "T016960", "T038266", "T038267", "T038268", "T038261", "T038262", "T038263", "T038264", "T038260", "398363", ], }, release_date: "2024-10-10T22:00:00.000+00:00", title: "CVE-2021-44549", }, { cve: "CVE-2024-40094", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in mehreren Red-Hat-Produkten. Dieser Fehler betrifft die GraphQL-Java-Komponente aufgrund einer unsachgemäßen Behandlung von ExecutableNormalizedFields (ENFs) während Introspektionsabfragen, was zu einer Erschöpfung der Ressourcen führt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "67646", "T036943", "T038269", "T038265", "T016960", "T038266", "T038267", "T038268", "T038261", "T038262", "T038263", "T038264", "T038260", "398363", ], }, release_date: "2024-10-10T22:00:00.000+00:00", title: "CVE-2024-40094", }, { cve: "CVE-2024-47561", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in mehreren Red-Hat-Produkten. Dieser Fehler betrifft die Apache-Avro-Komponente aufgrund einer unsachgemäßen Behandlung von vom Benutzer bereitgestellten Avro-Schemata, wenn diese das spezielle „java-class“-Attribut enthalten, was bösartige Eingaben ermöglicht. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er das Parsen eines manipulierten Avro-Schemas ausnutzt.", }, ], product_status: { known_affected: [ "67646", "T036943", "T038269", "T038265", "T016960", "T038266", "T038267", "T038268", "T038261", "T038262", "T038263", "T038264", "T038260", "398363", ], }, release_date: "2024-10-10T22:00:00.000+00:00", title: "CVE-2024-47561", }, { cve: "CVE-2024-7254", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in mehreren Red-Hat-Produkten. Dieser Fehler besteht aufgrund einer unbegrenzten Rekursion beim Parsen von Protokollpufferdaten, die beliebig verschachtelte SGROUP-Tags enthalten, was zu einem Stapelüberlauf führt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "67646", "T036943", "T038269", "T038265", "T016960", "T038266", "T038267", "T038268", "T038261", "T038262", "T038263", "T038264", "T038260", "398363", ], }, release_date: "2024-10-10T22:00:00.000+00:00", title: "CVE-2024-7254", }, ], }
wid-sec-w-2024-3180
Vulnerability from csaf_certbund
Published
2024-10-14 22:00
Modified
2024-12-12 23:00
Summary
Apache Camel und mehrere Red Hat Produkte: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.
JBoss A-MQ ist eine Messaging-Plattform.
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Red Hat JBoss Data Grid ist eine verteilte In-Memory-Datenbank für den schnellen Zugriff auf große Datenvolumen und Skalierbarkeit.
Angriff
Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Apache Camel und in mehreren Red Hat-Produkten ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben und beliebigen Code auszuführen.
Betroffene Betriebssysteme
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.\r\nJBoss A-MQ ist eine Messaging-Plattform.\r\nJBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.\r\nRed Hat JBoss Data Grid ist eine verteilte In-Memory-Datenbank für den schnellen Zugriff auf große Datenvolumen und Skalierbarkeit.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Apache Camel und in mehreren Red Hat-Produkten ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben und beliebigen Code auszuführen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3180 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3180.json", }, { category: "self", summary: "WID-SEC-2024-3180 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3180", }, { category: "external", summary: "Red Hat Security Advisory vom 2024-10-14", url: "https://access.redhat.com/errata/RHSA-2024:8064", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8339 vom 2024-10-22", url: "https://access.redhat.com/errata/RHSA-2024:8339", }, { category: "external", summary: "IBM Security Bulletin", url: "https://www.ibm.com/support/pages/node/7174634", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8824 vom 2024-11-04", url: "https://access.redhat.com/errata/RHSA-2024:8824", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8823 vom 2024-11-04", url: "https://access.redhat.com/errata/RHSA-2024:8823", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8826 vom 2024-11-04", url: "https://access.redhat.com/errata/RHSA-2024:8826", }, { category: "external", summary: "Atlassian November 2024 Security Bulletin vom 2024-11-19", url: "https://confluence.atlassian.com/pages/viewpage.action?pageId=1456179091", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:11023 vom 2024-12-12", url: "https://access.redhat.com/errata/RHSA-2024:11023", }, ], source_lang: "en-US", title: "Apache Camel und mehrere Red Hat Produkte: Mehrere Schwachstellen", tracking: { current_release_date: "2024-12-12T23:00:00.000+00:00", generator: { date: "2024-12-13T10:13:00.893+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-3180", initial_release_date: "2024-10-14T22:00:00.000+00:00", revision_history: [ { date: "2024-10-14T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-10-22T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-31T23:00:00.000+00:00", number: "3", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-11-04T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-19T23:00:00.000+00:00", number: "5", summary: "Neue Updates aufgenommen", }, { date: "2024-12-12T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "6", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<4.4.3", product: { name: "Apache Camel <4.4.3", product_id: "T038353", }, }, { category: "product_version", name: "4.4.3", product: { name: "Apache Camel 4.4.3", product_id: "T038353-fixed", product_identification_helper: { cpe: "cpe:/a:apache:camel:4.4.3", }, }, }, ], category: "product_name", name: "Camel", }, ], category: "vendor", name: "Apache", }, { branches: [ { branches: [ { category: "product_version_range", name: "<10.0.3", product: { name: "Atlassian Bamboo <10.0.3", product_id: "T039274", }, }, { category: "product_version", name: "10.0.3", product: { name: "Atlassian Bamboo 10.0.3", product_id: "T039274-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bamboo:10.0.3", }, }, }, { category: "product_version_range", name: "<9.6.8", product: { name: "Atlassian Bamboo <9.6.8", product_id: "T039275", }, }, { category: "product_version", name: "9.6.8", product: { name: "Atlassian Bamboo 9.6.8", product_id: "T039275-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bamboo:9.6.8", }, }, }, { category: "product_version_range", name: "<9.2.20", product: { name: "Atlassian Bamboo <9.2.20", product_id: "T039276", }, }, { category: "product_version", name: "9.2.20", product: { name: "Atlassian Bamboo 9.2.20", product_id: "T039276-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bamboo:9.2.20", }, }, }, ], category: "product_name", name: "Bamboo", }, ], category: "vendor", name: "Atlassian", }, { branches: [ { branches: [ { category: "product_version_range", name: "<7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM <7.5.0 UP10 IF01", product_id: "T038741", }, }, { category: "product_version", name: "7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM 7.5.0 UP10 IF01", product_id: "T038741-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_version", name: "Camel K 1", product: { name: "Red Hat Integration Camel K 1", product_id: "T031972", product_identification_helper: { cpe: "cpe:/a:redhat:integration:camel_k_1", }, }, }, ], category: "product_name", name: "Integration", }, { category: "product_name", name: "Red Hat JBoss A-MQ", product: { name: "Red Hat JBoss A-MQ", product_id: "T038357", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:-", }, }, }, { category: "product_name", name: "Red Hat JBoss Data Grid", product: { name: "Red Hat JBoss Data Grid", product_id: "T038358", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_data_grid:-", }, }, }, { branches: [ { category: "product_version", name: "Quarkus", product: { name: "Red Hat JBoss Enterprise Application Platform Quarkus", product_id: "T038356", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:quarkus", }, }, }, ], category: "product_name", name: "JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-52428", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Camel und mehreren Red Hat Produkten. Dieser Fehler betrifft das Nimbus Jose JWT-Paket aufgrund einer unsachgemäßen Behandlung von großen JWE p2c-Header-Werten im PasswordBasedDecrypter, was einen übermäßigen Ressourcenverbrauch ermöglicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T039274", "T039276", "T031972", "T039275", "67646", "T038357", "T038358", "T038353", "T038741", "T038356", ], }, release_date: "2024-10-14T22:00:00.000+00:00", title: "CVE-2023-52428", }, { cve: "CVE-2024-38809", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Camel und mehreren Red Hat Produkten. Dieser Fehler betrifft das Spring Web-Paket aufgrund einer unsachgemäßen ETag-Präfix-Validierung während des Parsings. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er eine böswillig gestaltete bedingte HTTP-Anfrage sendet.", }, ], product_status: { known_affected: [ "T039274", "T039276", "T031972", "T039275", "67646", "T038357", "T038358", "T038353", "T038741", "T038356", ], }, release_date: "2024-10-14T22:00:00.000+00:00", title: "CVE-2024-38809", }, { cve: "CVE-2024-38816", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Camel und mehreren Red Hat-Produkten. Dieser Fehler betrifft die Spring-Anwendungen aufgrund von unsachgemäße Validierung von Dateipfaden bei der Verwendung der WebMvc.fn- oder WebFlux.fn-Frameworks, was eine Pfadumgehung ermöglicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen wie Konfigurationsdateien, Umgebungsvariablen oder Authentifizierungsdaten offenzulegen. Die offengelegten Informationen können zur Durchführung weiterer Angriffe verwendet werden, einschließlich der Ausweitung von Privilegien, lateraler Bewegungen oder Remotecodeausführung innerhalb des Systems.", }, ], product_status: { known_affected: [ "T039274", "T039276", "T031972", "T039275", "67646", "T038357", "T038358", "T038353", "T038741", "T038356", ], }, release_date: "2024-10-14T22:00:00.000+00:00", title: "CVE-2024-38816", }, { cve: "CVE-2024-45294", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Camel und mehreren Red Hat-Produkten. Dieser Fehler besteht aufgrund einer unsachgemäßen Behandlung von externen XML-Entitäten in XSLT-Transformationen innerhalb von HAPI FHIR, wodurch bösartiges XML mit DTD-Tags verarbeitet werden kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um XML XXE Injection durchzuführen und so vertrauliche Informationen wie Dateien und Umgebungsvariablen offenzulegen.", }, ], product_status: { known_affected: [ "T039274", "T039276", "T031972", "T039275", "67646", "T038357", "T038358", "T038353", "T038741", "T038356", ], }, release_date: "2024-10-14T22:00:00.000+00:00", title: "CVE-2024-45294", }, { cve: "CVE-2024-47561", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Camel und mehreren Red Hat Produkten. Dieser Fehler besteht aufgrund einer unsachgemäßen Behandlung von vom Benutzer bereitgestellten Avro-Schemata in Apache Avro. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er das spezielle Attribut „java-class“ verwendet.", }, ], product_status: { known_affected: [ "T039274", "T039276", "T031972", "T039275", "67646", "T038357", "T038358", "T038353", "T038741", "T038356", ], }, release_date: "2024-10-14T22:00:00.000+00:00", title: "CVE-2024-47561", }, ], }
wid-sec-w-2024-3111
Vulnerability from csaf_certbund
Published
2024-10-08 22:00
Modified
2024-11-24 23:00
Summary
Red Hat JBoss Enterprise Application Platform: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuführen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3111 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3111.json", }, { category: "self", summary: "WID-SEC-2024-3111 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3111", }, { category: "external", summary: "Red Hat Security Advisory vom 2024-10-08", url: "https://access.redhat.com/errata/RHSA-2024:7811", }, { category: "external", summary: "Red Hat Security Advisory vom 2024-10-08", url: "https://access.redhat.com/errata/RHSA-2024:7812", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7861 vom 2024-10-09", url: "https://access.redhat.com/errata/RHSA-2024:7861", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:10207 vom 2024-11-25", url: "https://access.redhat.com/errata/RHSA-2024:10207", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:10208 vom 2024-11-25", url: "https://access.redhat.com/errata/RHSA-2024:10208", }, ], source_lang: "en-US", title: "Red Hat JBoss Enterprise Application Platform: Schwachstelle ermöglicht Codeausführung", tracking: { current_release_date: "2024-11-24T23:00:00.000+00:00", generator: { date: "2024-11-25T09:11:51.578+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3111", initial_release_date: "2024-10-08T22:00:00.000+00:00", revision_history: [ { date: "2024-10-08T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-10-09T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-24T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_version_range", name: "<7.4", product: { name: "Red Hat JBoss Enterprise Application Platform <7.4", product_id: "T038033", }, }, { category: "product_version", name: "7.4", product: { name: "Red Hat JBoss Enterprise Application Platform 7.4", product_id: "T038033-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", }, }, }, { category: "product_version_range", name: "<7.1.8", product: { name: "Red Hat JBoss Enterprise Application Platform <7.1.8", product_id: "T039411", }, }, { category: "product_version", name: "7.1.8", product: { name: "Red Hat JBoss Enterprise Application Platform 7.1.8", product_id: "T039411-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.1.8", }, }, }, { category: "product_version_range", name: "<7.3.11", product: { name: "Red Hat JBoss Enterprise Application Platform <7.3.11", product_id: "T039412", }, }, { category: "product_version", name: "7.3.11", product: { name: "Red Hat JBoss Enterprise Application Platform 7.3.11", product_id: "T039412-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.11", }, }, }, ], category: "product_name", name: "JBoss Enterprise Application Platform", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47561", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Red Hat JBoss Enterprise Application Platform. Dieser Fehler betrifft den Apache Avro aufgrund der unsachgemäßen Behandlung von vom Benutzer bereitgestellten Schemata, insbesondere solchen mit dem Attribut „java-class“. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuführen, indem er ein bösartiges Schema einreicht.", }, ], product_status: { known_affected: [ "T038033", "67646", "T039412", "T039411", ], }, release_date: "2024-10-08T22:00:00.000+00:00", title: "CVE-2024-47561", }, ], }
ncsc-2025-0021
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:30
Modified
2025-01-22 13:30
Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om Denial of Service (DoS) aanvallen uit te voeren of om ongeautoriseerde toegang tot gevoelige gegevens te verkrijgen. Specifieke versies, zoals 24.2.0 en 24.3.0 van de Cloud Native Core Network Function, zijn bijzonder kwetsbaar. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal geprepareerde HTTP-verzoeken te sturen naar het kwetsbare systeem.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-670
Always-Incorrect Control Flow Implementation
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-35
Path Traversal: '.../...//'
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE-676
Use of Potentially Dangerous Function
CWE-606
Unchecked Input for Loop Condition
CWE-450
Multiple Interpretations of UI Input
CWE-131
Incorrect Calculation of Buffer Size
CWE-328
Use of Weak Hash
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-1220
Insufficient Granularity of Access Control
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-755
Improper Handling of Exceptional Conditions
CWE-347
Improper Verification of Cryptographic Signature
CWE-834
Excessive Iteration
CWE-178
Improper Handling of Case Sensitivity
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-415
Double Free
CWE-311
Missing Encryption of Sensitive Data
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-617
Reachable Assertion
CWE-427
Uncontrolled Search Path Element
CWE-836
Use of Password Hash Instead of Password for Authentication
CWE-680
Integer Overflow to Buffer Overflow
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-23
Relative Path Traversal
CWE-116
Improper Encoding or Escaping of Output
CWE-345
Insufficient Verification of Data Authenticity
CWE-203
Observable Discrepancy
CWE-354
Improper Validation of Integrity Check Value
CWE-325
Missing Cryptographic Step
CWE-190
Integer Overflow or Wraparound
CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE-61
UNIX Symbolic Link (Symlink) Following
CWE-552
Files or Directories Accessible to External Parties
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-798
Use of Hard-coded Credentials
CWE-434
Unrestricted Upload of File with Dangerous Type
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-248
Uncaught Exception
CWE-674
Uncontrolled Recursion
CWE-863
Incorrect Authorization
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-269
Improper Privilege Management
CWE-20
Improper Input Validation
CWE-209
Generation of Error Message Containing Sensitive Information
CWE-276
Incorrect Default Permissions
CWE-294
Authentication Bypass by Capture-replay
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om Denial of Service (DoS) aanvallen uit te voeren of om ongeautoriseerde toegang tot gevoelige gegevens te verkrijgen. Specifieke versies, zoals 24.2.0 en 24.3.0 van de Cloud Native Core Network Function, zijn bijzonder kwetsbaar. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal geprepareerde HTTP-verzoeken te sturen naar het kwetsbare systeem.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, { category: "general", text: "Use of Potentially Dangerous Function", title: "CWE-676", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "general", text: "Use of Weak Hash", title: "CWE-328", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Insufficient Granularity of Access Control", title: "CWE-1220", }, { category: "general", text: "Insertion of Sensitive Information Into Sent Data", title: "CWE-201", }, { category: "general", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "general", text: "Expected Behavior Violation", title: "CWE-440", }, { category: "general", text: "Double Free", title: "CWE-415", }, { category: "general", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "general", text: "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", title: "CWE-924", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Reachable Assertion", title: "CWE-617", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "Use of Password Hash Instead of Password for Authentication", title: "CWE-836", }, { category: "general", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, { category: "general", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, { category: "general", text: "Relative Path Traversal", title: "CWE-23", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Observable Discrepancy", title: "CWE-203", }, { category: "general", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "general", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "User Interface (UI) Misrepresentation of Critical Information", title: "CWE-451", }, { category: "general", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "general", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "Unrestricted Upload of File with Dangerous Type", title: "CWE-434", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Incorrect Authorization", title: "CWE-863", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Generation of Error Message Containing Sensitive Information", title: "CWE-209", }, { category: "general", text: "Incorrect Default Permissions", title: "CWE-276", }, { category: "general", text: "Authentication Bypass by Capture-replay", title: "CWE-294", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2025-01-22T13:30:50.189632Z", id: "NCSC-2025-0021", initial_release_date: "2025-01-22T13:30:50.189632Z", revision_history: [ { date: "2025-01-22T13:30:50.189632Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1727475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670429", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670435", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670431", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670436", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670432", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670434", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670438", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635315", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674641", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670437", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications__10.4.0.4", product: { name: "communications__10.4.0.4", product_id: "CSAFPID-1674629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.2", product: { name: "communications___23.4.2", product_id: "CSAFPID-1670442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.3", product: { name: "communications___23.4.3", product_id: "CSAFPID-1635325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.4", product: { name: "communications___23.4.4", product_id: "CSAFPID-1635326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.5", product: { name: "communications___23.4.5", product_id: "CSAFPID-1674645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.6", product: { name: "communications___23.4.6", product_id: "CSAFPID-1674646", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___24.2.0", product: { name: "communications___24.2.0", product_id: "CSAFPID-1674644", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___7.2.1.0.0", product: { name: "communications___7.2.1.0.0", product_id: "CSAFPID-1670441", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.6", product: { name: "communications___8.6.0.6", product_id: "CSAFPID-1635327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.8", product: { name: "communications___8.6.0.8", product_id: "CSAFPID-1635328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.2", product: { name: "communications___9.0.2", product_id: "CSAFPID-1670440", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.3", product: { name: "communications___9.0.3", product_id: "CSAFPID-1635329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.1.1.8.0", product: { name: "communications___9.1.1.8.0", product_id: "CSAFPID-1674643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751381", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751383", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751378", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751377", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751385", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751384", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751380", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751379", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1.0.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___12.0.6.0.0", product: { name: "communications_applications___12.0.6.0.0", product_id: "CSAFPID-1674627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___5.5.22", product: { name: "communications_applications___5.5.22", product_id: "CSAFPID-1674626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.3", product: { name: "communications_applications___6.0.3", product_id: "CSAFPID-1674628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.4", product: { name: "communications_applications___6.0.4", product_id: "CSAFPID-1674624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.5", product: { name: "communications_applications___6.0.5", product_id: "CSAFPID-1674625", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-764735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1751255", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1751254", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0-15.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-816793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-912557", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-764247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1650820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-912556", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1751303", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220055", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1503577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1751300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1650752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1673396", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1751085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1751079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673526", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1751253", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-912085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1503578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1751090", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1751246", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-912068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-1503579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-816772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-912076", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1503580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-219838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-611387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-816773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1503581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1751208", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1751209", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912539", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912540", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912541", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912542", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912543", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816346", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912077", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1503322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1751231", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816348", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-912545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816347", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-764240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1650751", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-912069", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1751225", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1751088", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1751089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-816778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-614517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1503582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1751081", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1751084", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1672767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1751241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90016", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912078", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816349", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1673399", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751082", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-1751229", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-1751230", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-1751292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-1751294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-224793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-1751295", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-816794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-342793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1650777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-816350", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-1672764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1503588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751104", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-40293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751097", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-611413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751211", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912551", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1751243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:47.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-764242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-819413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-819414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-816780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-912553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-219803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-204622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-219909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-816351", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-1751218", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-611595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816353", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816352", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1673414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-342803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1650778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-816354", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-204563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-219776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-765242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-916906", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-1751247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-1751248", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-93781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-220132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-912079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-221118", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-1673496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence", product: { name: "communications_performance_intelligence", product_id: "CSAFPID-1503591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-764738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-816355", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816358", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816357", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-912558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1751233", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1751234", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503593", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1672762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503594", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-342804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-819415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-819416", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-816791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-240600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1650731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673530", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1751235", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.1-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1751296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-764739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-8984", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-219826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-912073", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503596", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503598", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1751217", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-912080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1673481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1751258", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-912554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-41727", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2022-41727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41727.json", }, ], title: "CVE-2022-41727", }, { cve: "CVE-2023-4408", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-4408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4408.json", }, ], title: "CVE-2023-4408", }, { cve: "CVE-2023-5678", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "other", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-5678", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json", }, ], title: "CVE-2023-5678", }, { cve: "CVE-2023-5981", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, ], product_status: { known_affected: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751217", "CSAFPID-1673481", ], }, references: [ { category: "self", summary: "CVE-2023-5981", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5981.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751217", "CSAFPID-1673481", ], }, ], title: "CVE-2023-5981", }, { cve: "CVE-2023-6597", cwe: { id: "CWE-61", name: "UNIX Symbolic Link (Symlink) Following", }, notes: [ { category: "other", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751097", ], }, references: [ { category: "self", summary: "CVE-2023-6597", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751097", ], }, ], title: "CVE-2023-6597", }, { cve: "CVE-2023-7256", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { category: "other", text: "Double Free", title: "CWE-415", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2023-7256", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7256.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, ], title: "CVE-2023-7256", }, { cve: "CVE-2023-29407", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2023-29407", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29407.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2023-29407", }, { cve: "CVE-2023-29408", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2023-29408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29408.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2023-29408", }, { cve: "CVE-2023-40577", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2023-40577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40577.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, ], title: "CVE-2023-40577", }, { cve: "CVE-2023-46218", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, notes: [ { category: "other", text: "Insertion of Sensitive Information Into Sent Data", title: "CWE-201", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, references: [ { category: "self", summary: "CVE-2023-46218", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46218.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, ], title: "CVE-2023-46218", }, { cve: "CVE-2023-46219", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "other", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, ], product_status: { known_affected: [ "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, references: [ { category: "self", summary: "CVE-2023-46219", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46219.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, ], title: "CVE-2023-46219", }, { cve: "CVE-2023-46604", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-219826", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751104", ], }, references: [ { category: "self", summary: "CVE-2023-46604", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46604.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-219826", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751104", ], }, ], title: "CVE-2023-46604", }, { cve: "CVE-2023-50868", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-50868", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50868.json", }, ], title: "CVE-2023-50868", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1650777", "CSAFPID-1650778", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751218", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-0232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json", }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-0397", product_status: { known_affected: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-0397", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0397.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, ], title: "CVE-2024-0397", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-1442", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-1442", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1442.json", }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-1442", }, { cve: "CVE-2024-2961", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1672762", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1673396", "CSAFPID-1673395", "CSAFPID-1673494", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-2961", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1672762", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1673396", "CSAFPID-1673395", "CSAFPID-1673494", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", "CSAFPID-1751237", ], }, ], title: "CVE-2024-2961", }, { cve: "CVE-2024-3596", cwe: { id: "CWE-924", name: "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", }, notes: [ { category: "other", text: "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", title: "CWE-924", }, { category: "other", text: "Use of Weak Hash", title: "CWE-328", }, { category: "other", text: "Authentication Bypass by Capture-replay", title: "CWE-294", }, { category: "other", text: "Use of Password Hash Instead of Password for Authentication", title: "CWE-836", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "other", text: "User Interface (UI) Misrepresentation of Critical Information", title: "CWE-451", }, { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, ], product_status: { known_affected: [ "CSAFPID-1751090", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-1751253", ], }, references: [ { category: "self", summary: "CVE-2024-3596", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-3596.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751090", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-1751253", ], }, ], title: "CVE-2024-3596", }, { cve: "CVE-2024-4030", cwe: { id: "CWE-276", name: "Incorrect Default Permissions", }, notes: [ { category: "other", text: "Incorrect Default Permissions", title: "CWE-276", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-4030", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2024-4030", }, { cve: "CVE-2024-4032", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, notes: [ { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-4032", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2024-4032", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-1751090", "CSAFPID-1751253", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751090", "CSAFPID-1751253", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-6119", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2024-6119", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751209", ], }, ], title: "CVE-2024-6119", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751303", "CSAFPID-1650820", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751303", "CSAFPID-1650820", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-6232", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-6232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2024-6232", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751233", "CSAFPID-1673530", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751233", "CSAFPID-1673530", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7592", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-7592", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-7592", }, { cve: "CVE-2024-7885", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], product_status: { known_affected: [ "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1751080", "CSAFPID-1751090", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, references: [ { category: "self", summary: "CVE-2024-7885", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7885.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1751080", "CSAFPID-1751090", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, ], title: "CVE-2024-7885", }, { cve: "CVE-2024-8006", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-8006", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8006.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, ], title: "CVE-2024-8006", }, { cve: "CVE-2024-9143", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1751253", ], }, references: [ { category: "self", summary: "CVE-2024-9143", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json", }, ], title: "CVE-2024-9143", }, { cve: "CVE-2024-22195", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-22195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22195.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751085", ], }, ], title: "CVE-2024-22195", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-24786", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24786.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-24786", }, { cve: "CVE-2024-24791", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2024-24791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, ], title: "CVE-2024-24791", }, { cve: "CVE-2024-25638", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "other", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751229", "CSAFPID-1751230", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, references: [ { category: "self", summary: "CVE-2024-25638", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json", }, ], scores: [ { cvss_v3: { baseScore: 8.9, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751229", "CSAFPID-1751230", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, ], title: "CVE-2024-25638", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912101", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912101", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", ], }, ], title: "CVE-2024-25710", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-27309", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, ], product_status: { known_affected: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-27309", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27309.json", }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-27309", }, { cve: "CVE-2024-28219", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "Use of Potentially Dangerous Function", title: "CWE-676", }, { category: "other", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, ], product_status: { known_affected: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1751085", "CSAFPID-912547", ], }, references: [ { category: "self", summary: "CVE-2024-28219", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28219.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1751085", "CSAFPID-912547", ], }, ], title: "CVE-2024-28219", }, { cve: "CVE-2024-28834", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-28834", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28834.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, ], title: "CVE-2024-28834", }, { cve: "CVE-2024-28835", cwe: { id: "CWE-248", name: "Uncaught Exception", }, notes: [ { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-28835", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28835.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, ], title: "CVE-2024-28835", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751235", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751235", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751233", "CSAFPID-1751218", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751233", "CSAFPID-1751218", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29131", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-29131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, ], title: "CVE-2024-29131", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-33599", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33599", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33599", }, { cve: "CVE-2024-33600", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33600", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33600", }, { cve: "CVE-2024-33601", cwe: { id: "CWE-703", name: "Improper Check or Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "other", text: "Reachable Assertion", title: "CWE-617", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33601", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-34064", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751238", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-1751082", "CSAFPID-1751240", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1673481", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-34064", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751238", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-1751082", "CSAFPID-1751240", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1673481", "CSAFPID-1751085", ], }, ], title: "CVE-2024-34064", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751242", "CSAFPID-1751243", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751242", "CSAFPID-1751243", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751085", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-35195", cwe: { id: "CWE-670", name: "Always-Incorrect Control Flow Implementation", }, notes: [ { category: "other", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, ], product_status: { known_affected: [ "CSAFPID-1751246", "CSAFPID-1751247", "CSAFPID-1751248", "CSAFPID-1673530", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-220132", "CSAFPID-1751082", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-912079", "CSAFPID-916906", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-35195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json", }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751246", "CSAFPID-1751247", "CSAFPID-1751248", "CSAFPID-1673530", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-220132", "CSAFPID-1751082", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-912079", "CSAFPID-916906", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-35195", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", ], }, references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", ], }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751254", "CSAFPID-1673530", "CSAFPID-1751217", "CSAFPID-1751255", "CSAFPID-816790", "CSAFPID-1751258", "CSAFPID-1673481", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751254", "CSAFPID-1673530", "CSAFPID-1751217", "CSAFPID-1751255", "CSAFPID-816790", "CSAFPID-1751258", "CSAFPID-1673481", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38475", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "other", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, ], references: [ { category: "self", summary: "CVE-2024-38475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json", }, ], title: "CVE-2024-38475", }, { cve: "CVE-2024-38807", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "other", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, ], product_status: { known_affected: [ "CSAFPID-1751090", "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-38807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38807.json", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751090", "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-38807", }, { cve: "CVE-2024-38809", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673393", ], }, references: [ { category: "self", summary: "CVE-2024-38809", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-1673393", ], }, ], title: "CVE-2024-38809", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751082", "CSAFPID-1751225", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751082", "CSAFPID-1751225", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751081", "CSAFPID-1751082", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751081", "CSAFPID-1751082", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38820", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751080", "CSAFPID-1751082", "CSAFPID-1751085", "CSAFPID-1672767", "CSAFPID-1751241", ], }, references: [ { category: "self", summary: "CVE-2024-38820", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751080", "CSAFPID-1751082", "CSAFPID-1751085", "CSAFPID-1672767", "CSAFPID-1751241", ], }, ], title: "CVE-2024-38820", }, { cve: "CVE-2024-38827", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, notes: [ { category: "other", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-38827", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38827.json", }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-38827", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-41817", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220132", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-41817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220132", "CSAFPID-912079", ], }, ], title: "CVE-2024-41817", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1673414", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1673414", "CSAFPID-1503590", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-47535", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-47535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47535.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-47535", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1751292", "CSAFPID-1751234", "CSAFPID-1751294", "CSAFPID-1751233", "CSAFPID-1751295", "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-47554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751292", "CSAFPID-1751234", "CSAFPID-1751294", "CSAFPID-1751233", "CSAFPID-1751295", "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-47554", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2024-47803", cwe: { id: "CWE-209", name: "Generation of Error Message Containing Sensitive Information", }, notes: [ { category: "other", text: "Generation of Error Message Containing Sensitive Information", title: "CWE-209", }, ], product_status: { known_affected: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-47803", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47803.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, ], title: "CVE-2024-47803", }, { cve: "CVE-2024-47804", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, { category: "other", text: "Insufficient Granularity of Access Control", title: "CWE-1220", }, { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-47804", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47804.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, ], title: "CVE-2024-47804", }, { cve: "CVE-2024-49766", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751246", "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2024-49766", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49766.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751246", "CSAFPID-1751209", ], }, ], title: "CVE-2024-49766", }, { cve: "CVE-2024-49767", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751080", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751082", "CSAFPID-1751300", "CSAFPID-1751246", "CSAFPID-1751209", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, references: [ { category: "self", summary: "CVE-2024-49767", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49767.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751080", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751082", "CSAFPID-1751300", "CSAFPID-1751246", "CSAFPID-1751209", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, ], title: "CVE-2024-49767", }, { cve: "CVE-2024-50379", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-50379", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-50379", }, { cve: "CVE-2024-50602", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751082", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-50602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50602.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751082", "CSAFPID-1751085", ], }, ], title: "CVE-2024-50602", }, { cve: "CVE-2024-53677", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Unrestricted Upload of File with Dangerous Type", title: "CWE-434", }, { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-53677", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53677.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-53677", }, { cve: "CVE-2024-54677", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-54677", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-54677", }, { cve: "CVE-2024-56337", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-56337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-56337", }, { cve: "CVE-2025-21542", product_status: { known_affected: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2025-21542", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21542.json", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2025-21542", }, { cve: "CVE-2025-21544", product_status: { known_affected: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2025-21544", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21544.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2025-21544", }, { cve: "CVE-2025-21554", product_status: { known_affected: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2025-21554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21554.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2025-21554", }, ], }
ncsc-2025-0027
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:36
Modified
2025-01-22 13:36
Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft meerdere kwetsbaarheden verholpen in zijn producten, waaronder Oracle Fusion Middleware, Oracle WebLogic Server, en Oracle HTTP Server.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende Oracle producten, waaronder Oracle WebLogic Server versies 12.2.1.4.0 en 14.1.1.0.0, die het mogelijk maken voor ongeauthenticeerde kwaadwillenden om toegang te krijgen tot kritieke gegevens. Dit kan leiden tot ernstige gevolgen voor de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen. De kwetsbaarheid in Oracle HTTP Server versie 12.2.1.4.0 stelt kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, met een CVSS-score van 5.3, terwijl de kwetsbaarheid in WebLogic Server een CVSS-score van 9.8 heeft, wat wijst op een kritieke impact. Kwaadwillenden kunnen ook gebruik maken van kwetsbaarheden in Oracle Fusion Middleware en andere producten om Denial-of-Service (DoS) aanvallen uit te voeren.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE-35
Path Traversal: '.../...//'
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-755
Improper Handling of Exceptional Conditions
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-116
Improper Encoding or Escaping of Output
CWE-190
Integer Overflow or Wraparound
CWE-532
Insertion of Sensitive Information into Log File
CWE-798
Use of Hard-coded Credentials
CWE-125
Out-of-bounds Read
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-295
Improper Certificate Validation
CWE-400
Uncontrolled Resource Consumption
CWE-502
Deserialization of Untrusted Data
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft meerdere kwetsbaarheden verholpen in zijn producten, waaronder Oracle Fusion Middleware, Oracle WebLogic Server, en Oracle HTTP Server.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden bevinden zich in verschillende Oracle producten, waaronder Oracle WebLogic Server versies 12.2.1.4.0 en 14.1.1.0.0, die het mogelijk maken voor ongeauthenticeerde kwaadwillenden om toegang te krijgen tot kritieke gegevens. Dit kan leiden tot ernstige gevolgen voor de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen. De kwetsbaarheid in Oracle HTTP Server versie 12.2.1.4.0 stelt kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, met een CVSS-score van 5.3, terwijl de kwetsbaarheid in WebLogic Server een CVSS-score van 9.8 heeft, wat wijst op een kritieke impact. Kwaadwillenden kunnen ook gebruik maken van kwetsbaarheden in Oracle Fusion Middleware en andere producten om Denial-of-Service (DoS) aanvallen uit te voeren.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, { category: "general", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, { category: "general", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Fusion Middleware", tracking: { current_release_date: "2025-01-22T13:36:27.908718Z", id: "NCSC-2025-0027", initial_release_date: "2025-01-22T13:36:27.908718Z", revision_history: [ { date: "2025-01-22T13:36:27.908718Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "http_server", product: { name: "http_server", product_id: "CSAFPID-93909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "http_server", product: { name: "http_server", product_id: "CSAFPID-40303", product_identification_helper: { cpe: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "http_server", product: { name: "http_server", product_id: "CSAFPID-912074", product_identification_helper: { cpe: "cpe:2.3:a:oracle:http_server:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware_mapviewer", product: { name: "fusion_middleware_mapviewer", product_id: "CSAFPID-226018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-1646487", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-332789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:11.1.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-1747074", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.19.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-342815", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-271904", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-503474", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-1674670", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:8.5.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-3661", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-3660", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-1973", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-1751293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "security_service", product: { name: "security_service", product_id: "CSAFPID-199820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_activity_monitoring", product: { name: "business_activity_monitoring", product_id: "CSAFPID-228157", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_activity_monitoring__bam_", product: { name: "business_activity_monitoring__bam_", product_id: "CSAFPID-764927", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_activity_monitoring__bam_:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_activity_monitoring__bam_", product: { name: "business_activity_monitoring__bam_", product_id: "CSAFPID-764928", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_activity_monitoring__bam_:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "identity_manager", product: { name: "identity_manager", product_id: "CSAFPID-220164", product_identification_helper: { cpe: "cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "managed_file_transfer", product: { name: "managed_file_transfer", product_id: "CSAFPID-204581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "middleware_common_libraries_and_tools", product: { name: "middleware_common_libraries_and_tools", product_id: "CSAFPID-94398", product_identification_helper: { cpe: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "middleware_common_libraries_and_tools", product: { name: "middleware_common_libraries_and_tools", product_id: "CSAFPID-94309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "middleware_common_libraries_and_tools", product: { name: "middleware_common_libraries_and_tools", product_id: "CSAFPID-94393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_process_management_suite", product: { name: "business_process_management_suite", product_id: "CSAFPID-9043", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_process_management_suite", product: { name: "business_process_management_suite", product_id: "CSAFPID-9642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "outside_in_technology", product: { name: "outside_in_technology", product_id: "CSAFPID-1260", product_identification_helper: { cpe: "cpe:2.3:a:oracle:outside_in_technology:8.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "outside_in_technology", product: { name: "outside_in_technology", product_id: "CSAFPID-912053", product_identification_helper: { cpe: "cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "webcenter_portal", product: { name: "webcenter_portal", product_id: "CSAFPID-135359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "webcenter_portal", product: { name: "webcenter_portal", product_id: "CSAFPID-45194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2019-12415", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-45194", "CSAFPID-135359", "CSAFPID-1646487", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-204581", "CSAFPID-94309", "CSAFPID-1260", "CSAFPID-3661", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-764927", "CSAFPID-764928", "CSAFPID-9043", "CSAFPID-93909", "CSAFPID-94398", ], }, references: [ { category: "self", summary: "CVE-2019-12415", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-12415.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-45194", "CSAFPID-135359", "CSAFPID-1646487", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-204581", "CSAFPID-94309", "CSAFPID-1260", "CSAFPID-3661", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-764927", "CSAFPID-764928", "CSAFPID-9043", "CSAFPID-93909", "CSAFPID-94398", ], }, ], title: "CVE-2019-12415", }, { cve: "CVE-2023-7272", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2023-7272", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7272.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2023-7272", }, { cve: "CVE-2023-38709", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, notes: [ { category: "other", text: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", title: "CWE-113", }, { category: "other", text: "Improper Validation of Specified Quantity in Input", title: "CWE-1284", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2023-38709", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38709.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2023-38709", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-39410", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", ], }, ], title: "CVE-2023-39410", }, { cve: "CVE-2023-44483", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "other", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, ], product_status: { known_affected: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", ], }, references: [ { category: "self", summary: "CVE-2023-44483", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44483.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", ], }, ], title: "CVE-2023-44483", }, { cve: "CVE-2023-49582", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, notes: [ { category: "other", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2023-49582", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49582.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2023-49582", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-6119", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-6119", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-6119", }, { cve: "CVE-2024-8096", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-8096", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8096.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-8096", }, { cve: "CVE-2024-23635", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-23635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23635.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, ], title: "CVE-2024-23635", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-1747074", "CSAFPID-1674670", "CSAFPID-503474", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-1747074", "CSAFPID-1674670", "CSAFPID-503474", ], }, ], title: "CVE-2024-29857", }, { cve: "CVE-2024-30171", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, notes: [ { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2024-30171", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30171.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2024-30171", }, { cve: "CVE-2024-30172", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2024-30172", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2024-30172", }, { cve: "CVE-2024-34447", cwe: { id: "CWE-706", name: "Use of Incorrectly-Resolved Name or Reference", }, notes: [ { category: "other", text: "Use of Incorrectly-Resolved Name or Reference", title: "CWE-706", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2024-34447", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34447.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2024-34447", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-204581", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-204581", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-199820", ], }, references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-199820", ], }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-199820", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-199820", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-38473", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-38473", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-38473", }, { cve: "CVE-2024-38475", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "other", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-38475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-38475", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-94309", "CSAFPID-220164", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-94309", "CSAFPID-220164", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-94309", "CSAFPID-220164", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-94309", "CSAFPID-220164", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-9642", "CSAFPID-226018", "CSAFPID-45194", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-9642", "CSAFPID-226018", "CSAFPID-45194", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-9642", "CSAFPID-228157", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-226018", "CSAFPID-45194", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9642", "CSAFPID-228157", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-226018", "CSAFPID-45194", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-912053", "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912053", "CSAFPID-40303", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-912053", "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912053", "CSAFPID-40303", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-912053", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912053", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-40303", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-47072", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-228157", ], }, references: [ { category: "self", summary: "CVE-2024-47072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47072.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", ], }, ], title: "CVE-2024-47072", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1751293", "CSAFPID-45194", "CSAFPID-1973", "CSAFPID-3660", ], }, references: [ { category: "self", summary: "CVE-2024-47554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751293", "CSAFPID-45194", "CSAFPID-1973", "CSAFPID-3660", ], }, ], title: "CVE-2024-47554", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-9642", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9642", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2025-21498", product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2025-21498", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21498.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2025-21498", }, { cve: "CVE-2025-21535", product_status: { known_affected: [ "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2025-21535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2025-21535", }, { cve: "CVE-2025-21549", product_status: { known_affected: [ "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2025-21549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1973", ], }, ], title: "CVE-2025-21549", }, ], }
ncsc-2025-0020
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:30
Modified
2025-01-22 13:30
Summary
Kwetsbaarheden verholpen in Oracle Database producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-391
Unchecked Error Condition
CWE-115
Misinterpretation of Input
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-222
Truncation of Security-relevant Information
CWE-131
Incorrect Calculation of Buffer Size
CWE-1287
Improper Validation of Specified Type of Input
CWE-922
Insecure Storage of Sensitive Information
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-1220
Insufficient Granularity of Access Control
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-178
Improper Handling of Case Sensitivity
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-617
Reachable Assertion
CWE-427
Uncontrolled Search Path Element
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE-354
Improper Validation of Integrity Check Value
CWE-190
Integer Overflow or Wraparound
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-476
NULL Pointer Dereference
CWE-757
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-674
Uncontrolled Recursion
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
CWE-276
Incorrect Default Permissions
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Unchecked Error Condition", title: "CWE-391", }, { category: "general", text: "Misinterpretation of Input", title: "CWE-115", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "general", text: "Improper Validation of Specified Type of Input", title: "CWE-1287", }, { category: "general", text: "Insecure Storage of Sensitive Information", title: "CWE-922", }, { category: "general", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, { category: "general", text: "Insufficient Granularity of Access Control", title: "CWE-1220", }, { category: "general", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "general", text: "Expected Behavior Violation", title: "CWE-440", }, { category: "general", text: "Improper Validation of Syntactic Correctness of Input", title: "CWE-1286", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Reachable Assertion", title: "CWE-617", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Authentication Bypass Using an Alternate Path or Channel", title: "CWE-288", }, { category: "general", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", title: "CWE-757", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Incorrect Default Permissions", title: "CWE-276", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Database producten", tracking: { current_release_date: "2025-01-22T13:30:16.354373Z", id: "NCSC-2025-0020", initial_release_date: "2025-01-22T13:30:16.354373Z", revision_history: [ { date: "2025-01-22T13:30:16.354373Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "graal_development_kit_for_micronaut", product: { name: "graal_development_kit_for_micronaut", product_id: "CSAFPID-1751216", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graal_development_kit_for_micronaut:23.5-23.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_data_mining", product: { name: "database_-_data_mining", product_id: "CSAFPID-1751200", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_data_mining:19.3-19.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_data_mining", product: { name: "database_-_data_mining", product_id: "CSAFPID-1751199", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_data_mining:21.3-21.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_migration_assistant_for_unicode", product: { name: "database_migration_assistant_for_unicode", product_id: "CSAFPID-1751212", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_migration_assistant_for_unicode:19.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_server", product: { name: "database_server", product_id: "CSAFPID-1503604", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_graalvm_multilingual_engine", product: { name: "database_-_graalvm_multilingual_engine", product_id: "CSAFPID-1751223", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:21.4-21.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_graalvm_multilingual_engine", product: { name: "database_-_graalvm_multilingual_engine", product_id: "CSAFPID-1751224", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:23.5-23.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1503575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1673188", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-342816", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-816845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1650825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1751298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1751299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-485902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1751093", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1751094", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:23.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1751095", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:23.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1751204", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1751203", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "rest_data_services", product: { name: "rest_data_services", product_id: "CSAFPID-711746", product_identification_helper: { cpe: "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "rest_data_services", product: { name: "rest_data_services", product_id: "CSAFPID-1751305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:rest_data_services:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "rest_data_services", product: { name: "rest_data_services", product_id: "CSAFPID-1751304", product_identification_helper: { cpe: "cpe:2.3:a:oracle:rest_data_services:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-667692", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-345049", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-611417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-1673422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1673188", "CSAFPID-1751204", "CSAFPID-1751203", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1673188", "CSAFPID-1751204", "CSAFPID-1751203", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1673188", "CSAFPID-1751204", "CSAFPID-1751203", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1673188", "CSAFPID-1751204", "CSAFPID-1751203", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-45772", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], references: [ { category: "self", summary: "CVE-2024-45772", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45772.json", }, ], title: "CVE-2024-45772", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2024-47554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json", }, ], title: "CVE-2024-47554", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1650825", "CSAFPID-1751298", "CSAFPID-1751299", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650825", "CSAFPID-1751298", "CSAFPID-1751299", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2024-50379", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], references: [ { category: "self", summary: "CVE-2024-50379", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json", }, ], title: "CVE-2024-50379", }, { cve: "CVE-2024-52316", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, notes: [ { category: "other", text: "Unchecked Error Condition", title: "CWE-391", }, { category: "other", text: "Authentication Bypass Using an Alternate Path or Channel", title: "CWE-288", }, ], references: [ { category: "self", summary: "CVE-2024-52316", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52316.json", }, ], title: "CVE-2024-52316", }, { cve: "CVE-2024-54677", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2024-54677", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json", }, ], title: "CVE-2024-54677", }, { cve: "CVE-2024-56337", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], references: [ { category: "self", summary: "CVE-2024-56337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json", }, ], title: "CVE-2024-56337", }, { cve: "CVE-2025-21553", references: [ { category: "self", summary: "CVE-2025-21553", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21553.json", }, ], title: "CVE-2025-21553", }, { cve: "CVE-2025-21557", product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2025-21557", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21557.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2025-21557", }, { cve: "CVE-2022-26345", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1751199", "CSAFPID-1751200", ], }, references: [ { category: "self", summary: "CVE-2022-26345", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26345.json", }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751199", "CSAFPID-1751200", ], }, ], title: "CVE-2022-26345", }, { cve: "CVE-2023-27043", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2023-27043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-27043.json", }, ], title: "CVE-2023-27043", }, { cve: "CVE-2023-36730", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1751203", "CSAFPID-1751204", ], }, references: [ { category: "self", summary: "CVE-2023-36730", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36730.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751203", "CSAFPID-1751204", ], }, ], title: "CVE-2023-36730", }, { cve: "CVE-2023-36785", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "other", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1751203", "CSAFPID-1751204", ], }, references: [ { category: "self", summary: "CVE-2023-36785", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36785.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751203", "CSAFPID-1751204", ], }, ], title: "CVE-2023-36785", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "other", text: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", title: "CWE-757", }, { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, ], product_status: { known_affected: [ "CSAFPID-1650765", "CSAFPID-1650767", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-711746", "CSAFPID-816845", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-1751212", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650765", "CSAFPID-1650767", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-711746", "CSAFPID-816845", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-1751212", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-342816", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-816845", "CSAFPID-711746", "CSAFPID-1751216", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-342816", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-816845", "CSAFPID-711746", "CSAFPID-1751216", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-2961", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, references: [ { category: "self", summary: "CVE-2024-2961", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, ], title: "CVE-2024-2961", }, { cve: "CVE-2024-4030", cwe: { id: "CWE-276", name: "Incorrect Default Permissions", }, notes: [ { category: "other", text: "Incorrect Default Permissions", title: "CWE-276", }, ], references: [ { category: "self", summary: "CVE-2024-4030", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json", }, ], title: "CVE-2024-4030", }, { cve: "CVE-2024-4032", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, notes: [ { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, ], references: [ { category: "self", summary: "CVE-2024-4032", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json", }, ], title: "CVE-2024-4032", }, { cve: "CVE-2024-6232", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], references: [ { category: "self", summary: "CVE-2024-6232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json", }, ], title: "CVE-2024-6232", }, { cve: "CVE-2024-6763", cwe: { id: "CWE-1286", name: "Improper Validation of Syntactic Correctness of Input", }, notes: [ { category: "other", text: "Improper Validation of Syntactic Correctness of Input", title: "CWE-1286", }, ], product_status: { known_affected: [ "CSAFPID-1751304", "CSAFPID-1751305", ], }, references: [ { category: "self", summary: "CVE-2024-6763", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751304", "CSAFPID-1751305", ], }, ], title: "CVE-2024-6763", }, { cve: "CVE-2024-6923", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], references: [ { category: "self", summary: "CVE-2024-6923", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6923.json", }, ], title: "CVE-2024-6923", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7592", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2024-7592", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json", }, ], title: "CVE-2024-7592", }, { cve: "CVE-2024-8088", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], references: [ { category: "self", summary: "CVE-2024-8088", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8088.json", }, ], title: "CVE-2024-8088", }, { cve: "CVE-2024-8927", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Insufficient Granularity of Access Control", title: "CWE-1220", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-8927", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8927.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-8927", }, { cve: "CVE-2024-11053", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], references: [ { category: "self", summary: "CVE-2024-11053", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json", }, ], title: "CVE-2024-11053", }, { cve: "CVE-2024-21211", cwe: { id: "CWE-922", name: "Insecure Storage of Sensitive Information", }, notes: [ { category: "other", text: "Insecure Storage of Sensitive Information", title: "CWE-922", }, ], product_status: { known_affected: [ "CSAFPID-1751223", "CSAFPID-1751224", ], }, references: [ { category: "self", summary: "CVE-2024-21211", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751223", "CSAFPID-1751224", ], }, ], title: "CVE-2024-21211", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-1650825", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650825", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-24789", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Validation of Specified Type of Input", title: "CWE-1287", }, ], references: [ { category: "self", summary: "CVE-2024-24789", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24789.json", }, ], title: "CVE-2024-24789", }, { cve: "CVE-2024-24790", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Misinterpretation of Input", title: "CWE-115", }, { category: "other", text: "Improper Validation of Specified Type of Input", title: "CWE-1287", }, ], references: [ { category: "self", summary: "CVE-2024-24790", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24790.json", }, ], title: "CVE-2024-24790", }, { cve: "CVE-2024-24791", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-24791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json", }, ], title: "CVE-2024-24791", }, { cve: "CVE-2024-28757", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, references: [ { category: "self", summary: "CVE-2024-28757", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, ], title: "CVE-2024-28757", }, { cve: "CVE-2024-33599", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], references: [ { category: "self", summary: "CVE-2024-33599", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json", }, ], title: "CVE-2024-33599", }, { cve: "CVE-2024-33600", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-33600", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json", }, ], title: "CVE-2024-33600", }, { cve: "CVE-2024-33601", cwe: { id: "CWE-703", name: "Improper Check or Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "other", text: "Reachable Assertion", title: "CWE-617", }, ], references: [ { category: "self", summary: "CVE-2024-33601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json", }, ], title: "CVE-2024-33601", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1650825", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1650825", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38820", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-1650825", ], }, references: [ { category: "self", summary: "CVE-2024-38820", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650825", ], }, ], title: "CVE-2024-38820", }, ], }
ncsc-2024-0466
Vulnerability from csaf_ncscnl
Published
2024-12-06 13:05
Modified
2024-12-06 13:05
Summary
Kwetsbaarheden verholpen in Atlassian producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.
Voor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.
Oplossingen
Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-755
Improper Handling of Exceptional Conditions
CWE-347
Improper Verification of Cryptographic Signature
CWE-1050
Excessive Platform Resource Consumption within a Loop
CWE-23
Relative Path Traversal
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.\nVoor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.", title: "Interpretaties", }, { category: "description", text: "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "Excessive Platform Resource Consumption within a Loop", title: "CWE-1050", }, { category: "general", text: "Relative Path Traversal", title: "CWE-23", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - certbundde", url: "https://confluence.atlassian.com/security/security-bulletin-november-19-2024-1456179091.html", }, ], title: "Kwetsbaarheden verholpen in Atlassian producten", tracking: { current_release_date: "2024-12-06T13:05:55.904619Z", id: "NCSC-2024-0466", initial_release_date: "2024-12-06T13:05:55.904619Z", revision_history: [ { date: "2024-12-06T13:05:55.904619Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "atlassian_bamboo__10.0.0", product: { name: "atlassian_bamboo__10.0.0", product_id: "CSAFPID-1645374", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__10.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bamboo__9.2.17", product: { name: "atlassian_bamboo__9.2.17", product_id: "CSAFPID-1621163", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__9.2.17:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bamboo__9.6.4", product: { name: "atlassian_bamboo__9.6.4", product_id: "CSAFPID-1645371", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__9.6.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__8.19.9", product: { name: "atlassian_bitbucket__8.19.9", product_id: "CSAFPID-1645370", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__8.19.9:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__8.9.19", product: { name: "atlassian_bitbucket__8.9.19", product_id: "CSAFPID-1645373", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__8.9.19:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__9.0.0", product: { name: "atlassian_bitbucket__9.0.0", product_id: "CSAFPID-1645372", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__9.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__7.19.26", product: { name: "atlassian_confluence__7.19.26", product_id: "CSAFPID-1621160", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__7.19.26__lts_", product: { name: "atlassian_confluence__7.19.26__lts_", product_id: "CSAFPID-1621135", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.5.12", product: { name: "atlassian_confluence__8.5.12", product_id: "CSAFPID-1645510", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.5.12:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.5.14__lts_", product: { name: "atlassian_confluence__8.5.14__lts_", product_id: "CSAFPID-1621133", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.5.14__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.9.4", product: { name: "atlassian_confluence__8.9.4", product_id: "CSAFPID-1645509", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.9.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__9.0.1", product: { name: "atlassian_confluence__9.0.1", product_id: "CSAFPID-1621161", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__9.0.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence_data_center__9.0.1", product: { name: "atlassian_confluence_data_center__9.0.1", product_id: "CSAFPID-1621140", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence_data_center__9.0.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software__9.12.12__lts_", product: { name: "atlassian_jira_software__9.12.12__lts_", product_id: "CSAFPID-1621142", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software__9.12.12__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software__9.4.25__lts_", product: { name: "atlassian_jira_software__9.4.25__lts_", product_id: "CSAFPID-1621143", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software__9.4.25__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_data_center__9.17.1", product: { name: "atlassian_jira_software_data_center__9.17.1", product_id: "CSAFPID-1621141", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_data_center__9.17.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management__5.12.12__lts_", product: { name: "atlassian_jira_software_service_management__5.12.12__lts_", product_id: "CSAFPID-1621138", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.12.12__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management__5.4.25__lts_", product: { name: "atlassian_jira_software_service_management__5.4.25__lts_", product_id: "CSAFPID-1621139", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.4.25__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management_data_center__5.17.1", product: { name: "atlassian_jira_software_service_management_data_center__5.17.1", product_id: "CSAFPID-1621137", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management_data_center__5.17.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bamboo", product: { name: "bamboo", product_id: "CSAFPID-716889", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bitbucket", product: { name: "bitbucket", product_id: "CSAFPID-1725084", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:bitbucket:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "confluence", product: { name: "confluence", product_id: "CSAFPID-551338", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jira_software", product: { name: "jira_software", product_id: "CSAFPID-1725085", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:jira_software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1724900", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1725556", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1725557", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*", }, }, }, { category: "product_name", name: "sourcetree_for_mac", product: { name: "sourcetree_for_mac", product_id: "CSAFPID-1724286", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree_for_mac:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree_for_windows", product: { name: "sourcetree_for_windows", product_id: "CSAFPID-1724287", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree_for_windows:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "atlassian", }, ], }, vulnerabilities: [ { cve: "CVE-2022-38900", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2022-38900", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38900.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-551338", ], }, ], title: "CVE-2022-38900", }, { cve: "CVE-2023-46234", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "other", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2023-46234", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46234.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-551338", ], }, ], title: "CVE-2023-46234", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-551338", "CSAFPID-1725085", "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-551338", "CSAFPID-1725085", "CSAFPID-716889", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, notes: [ { category: "other", text: "Excessive Platform Resource Consumption within a Loop", title: "CWE-1050", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2024-4068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4068.json", }, ], title: "CVE-2024-4068", }, { cve: "CVE-2024-21697", product_status: { known_affected: [ "CSAFPID-1724286", "CSAFPID-1724287", "CSAFPID-1725556", "CSAFPID-1725557", ], }, references: [ { category: "self", summary: "CVE-2024-21697", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21697.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-1724286", "CSAFPID-1724287", "CSAFPID-1725556", "CSAFPID-1725557", ], }, ], title: "CVE-2024-21697", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1725084", "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1725084", "CSAFPID-551338", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-30172", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1621160", "CSAFPID-1621161", "CSAFPID-1645509", "CSAFPID-1645510", "CSAFPID-551338", "CSAFPID-1725084", ], }, references: [ { category: "self", summary: "CVE-2024-30172", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1621160", "CSAFPID-1621161", "CSAFPID-1645509", "CSAFPID-1645510", "CSAFPID-551338", "CSAFPID-1725084", ], }, ], title: "CVE-2024-30172", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1621133", "CSAFPID-1621135", "CSAFPID-1621137", "CSAFPID-1621138", "CSAFPID-1621139", "CSAFPID-1621140", "CSAFPID-1621141", "CSAFPID-1621142", "CSAFPID-1621143", "CSAFPID-1621163", "CSAFPID-1645370", "CSAFPID-1645371", "CSAFPID-1645372", "CSAFPID-1645373", "CSAFPID-1645374", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1621133", "CSAFPID-1621135", "CSAFPID-1621137", "CSAFPID-1621138", "CSAFPID-1621139", "CSAFPID-1621140", "CSAFPID-1621141", "CSAFPID-1621142", "CSAFPID-1621143", "CSAFPID-1621163", "CSAFPID-1645370", "CSAFPID-1645371", "CSAFPID-1645372", "CSAFPID-1645373", "CSAFPID-1645374", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], references: [ { category: "self", summary: "CVE-2024-38286", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38286.json", }, ], title: "CVE-2024-38286", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-551338", "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-551338", "CSAFPID-716889", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-45801", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1725085", ], }, references: [ { category: "self", summary: "CVE-2024-45801", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1725085", ], }, ], title: "CVE-2024-45801", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-716889", ], }, ], title: "CVE-2024-47561", }, ], }
NCSC-2024-0466
Vulnerability from csaf_ncscnl
Published
2024-12-06 13:05
Modified
2024-12-06 13:05
Summary
Kwetsbaarheden verholpen in Atlassian producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.
Voor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.
Oplossingen
Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-755
Improper Handling of Exceptional Conditions
CWE-347
Improper Verification of Cryptographic Signature
CWE-1050
Excessive Platform Resource Consumption within a Loop
CWE-23
Relative Path Traversal
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.\nVoor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.", title: "Interpretaties", }, { category: "description", text: "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "Excessive Platform Resource Consumption within a Loop", title: "CWE-1050", }, { category: "general", text: "Relative Path Traversal", title: "CWE-23", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - certbundde", url: "https://confluence.atlassian.com/security/security-bulletin-november-19-2024-1456179091.html", }, ], title: "Kwetsbaarheden verholpen in Atlassian producten", tracking: { current_release_date: "2024-12-06T13:05:55.904619Z", id: "NCSC-2024-0466", initial_release_date: "2024-12-06T13:05:55.904619Z", revision_history: [ { date: "2024-12-06T13:05:55.904619Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "atlassian_bamboo__10.0.0", product: { name: "atlassian_bamboo__10.0.0", product_id: "CSAFPID-1645374", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__10.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bamboo__9.2.17", product: { name: "atlassian_bamboo__9.2.17", product_id: "CSAFPID-1621163", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__9.2.17:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bamboo__9.6.4", product: { name: "atlassian_bamboo__9.6.4", product_id: "CSAFPID-1645371", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__9.6.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__8.19.9", product: { name: "atlassian_bitbucket__8.19.9", product_id: "CSAFPID-1645370", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__8.19.9:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__8.9.19", product: { name: "atlassian_bitbucket__8.9.19", product_id: "CSAFPID-1645373", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__8.9.19:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__9.0.0", product: { name: "atlassian_bitbucket__9.0.0", product_id: "CSAFPID-1645372", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__9.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__7.19.26", product: { name: "atlassian_confluence__7.19.26", product_id: "CSAFPID-1621160", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__7.19.26__lts_", product: { name: "atlassian_confluence__7.19.26__lts_", product_id: "CSAFPID-1621135", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.5.12", product: { name: "atlassian_confluence__8.5.12", product_id: "CSAFPID-1645510", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.5.12:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.5.14__lts_", product: { name: "atlassian_confluence__8.5.14__lts_", product_id: "CSAFPID-1621133", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.5.14__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.9.4", product: { name: "atlassian_confluence__8.9.4", product_id: "CSAFPID-1645509", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.9.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__9.0.1", product: { name: "atlassian_confluence__9.0.1", product_id: "CSAFPID-1621161", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__9.0.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence_data_center__9.0.1", product: { name: "atlassian_confluence_data_center__9.0.1", product_id: "CSAFPID-1621140", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence_data_center__9.0.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software__9.12.12__lts_", product: { name: "atlassian_jira_software__9.12.12__lts_", product_id: "CSAFPID-1621142", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software__9.12.12__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software__9.4.25__lts_", product: { name: "atlassian_jira_software__9.4.25__lts_", product_id: "CSAFPID-1621143", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software__9.4.25__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_data_center__9.17.1", product: { name: "atlassian_jira_software_data_center__9.17.1", product_id: "CSAFPID-1621141", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_data_center__9.17.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management__5.12.12__lts_", product: { name: "atlassian_jira_software_service_management__5.12.12__lts_", product_id: "CSAFPID-1621138", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.12.12__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management__5.4.25__lts_", product: { name: "atlassian_jira_software_service_management__5.4.25__lts_", product_id: "CSAFPID-1621139", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.4.25__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management_data_center__5.17.1", product: { name: "atlassian_jira_software_service_management_data_center__5.17.1", product_id: "CSAFPID-1621137", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management_data_center__5.17.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bamboo", product: { name: "bamboo", product_id: "CSAFPID-716889", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bitbucket", product: { name: "bitbucket", product_id: "CSAFPID-1725084", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:bitbucket:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "confluence", product: { name: "confluence", product_id: "CSAFPID-551338", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jira_software", product: { name: "jira_software", product_id: "CSAFPID-1725085", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:jira_software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1724900", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1725556", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1725557", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*", }, }, }, { category: "product_name", name: "sourcetree_for_mac", product: { name: "sourcetree_for_mac", product_id: "CSAFPID-1724286", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree_for_mac:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree_for_windows", product: { name: "sourcetree_for_windows", product_id: "CSAFPID-1724287", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree_for_windows:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "atlassian", }, ], }, vulnerabilities: [ { cve: "CVE-2022-38900", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2022-38900", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38900.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-551338", ], }, ], title: "CVE-2022-38900", }, { cve: "CVE-2023-46234", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "other", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2023-46234", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46234.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-551338", ], }, ], title: "CVE-2023-46234", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-551338", "CSAFPID-1725085", "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-551338", "CSAFPID-1725085", "CSAFPID-716889", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, notes: [ { category: "other", text: "Excessive Platform Resource Consumption within a Loop", title: "CWE-1050", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2024-4068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4068.json", }, ], title: "CVE-2024-4068", }, { cve: "CVE-2024-21697", product_status: { known_affected: [ "CSAFPID-1724286", "CSAFPID-1724287", "CSAFPID-1725556", "CSAFPID-1725557", ], }, references: [ { category: "self", summary: "CVE-2024-21697", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21697.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-1724286", "CSAFPID-1724287", "CSAFPID-1725556", "CSAFPID-1725557", ], }, ], title: "CVE-2024-21697", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1725084", "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1725084", "CSAFPID-551338", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-30172", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1621160", "CSAFPID-1621161", "CSAFPID-1645509", "CSAFPID-1645510", "CSAFPID-551338", "CSAFPID-1725084", ], }, references: [ { category: "self", summary: "CVE-2024-30172", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1621160", "CSAFPID-1621161", "CSAFPID-1645509", "CSAFPID-1645510", "CSAFPID-551338", "CSAFPID-1725084", ], }, ], title: "CVE-2024-30172", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1621133", "CSAFPID-1621135", "CSAFPID-1621137", "CSAFPID-1621138", "CSAFPID-1621139", "CSAFPID-1621140", "CSAFPID-1621141", "CSAFPID-1621142", "CSAFPID-1621143", "CSAFPID-1621163", "CSAFPID-1645370", "CSAFPID-1645371", "CSAFPID-1645372", "CSAFPID-1645373", "CSAFPID-1645374", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1621133", "CSAFPID-1621135", "CSAFPID-1621137", "CSAFPID-1621138", "CSAFPID-1621139", "CSAFPID-1621140", "CSAFPID-1621141", "CSAFPID-1621142", "CSAFPID-1621143", "CSAFPID-1621163", "CSAFPID-1645370", "CSAFPID-1645371", "CSAFPID-1645372", "CSAFPID-1645373", "CSAFPID-1645374", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], references: [ { category: "self", summary: "CVE-2024-38286", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38286.json", }, ], title: "CVE-2024-38286", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-551338", "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-551338", "CSAFPID-716889", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-45801", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1725085", ], }, references: [ { category: "self", summary: "CVE-2024-45801", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1725085", ], }, ], title: "CVE-2024-45801", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-716889", ], }, ], title: "CVE-2024-47561", }, ], }
ncsc-2025-0028
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:36
Modified
2025-01-22 13:36
Summary
Kwetsbaarheden verholpen in Oracle Analytics
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of zich toegang te verschaffen tot gevoelige gegevens.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-248
Uncaught Exception
CWE-674
Uncontrolled Recursion
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-789
Memory Allocation with Excessive Size Value
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-670
Always-Incorrect Control Flow Implementation
CWE-399
CWE-399
CWE-326
Inadequate Encryption Strength
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-834
Excessive Iteration
CWE-311
Missing Encryption of Sensitive Data
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of zich toegang te verschaffen tot gevoelige gegevens.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Memory Allocation with Excessive Size Value", title: "CWE-789", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, { category: "general", text: "CWE-399", title: "CWE-399", }, { category: "general", text: "Inadequate Encryption Strength", title: "CWE-326", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Analytics", tracking: { current_release_date: "2025-01-22T13:36:58.196605Z", id: "NCSC-2025-0028", initial_release_date: "2025-01-22T13:36:58.196605Z", revision_history: [ { date: "2025-01-22T13:36:58.196605Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-1503296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-220360", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:enterprise:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-135810", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-219994", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:enterprise:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-219817", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:6.4.0.0.0:enterprise:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-1503297", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-257324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-1503298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-1650736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765384", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764234", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764929", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764235", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764930", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764236", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-1503574", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-1503573", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765388", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764727", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764729", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765383", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765385", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764725", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764728", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764730", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764726", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-9197", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-9493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-220546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:5.9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-228391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-220545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-220560", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-1673195", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-1751172", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-1650735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:prior_to_7.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-1751157", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:prior_to_8.1.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10000", references: [ { category: "self", summary: "CVE-2016-10000", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2016/CVE-2016-10000.json", }, ], title: "CVE-2016-10000", }, { cve: "CVE-2020-2849", product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2020-2849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-2849.json", }, ], title: "CVE-2020-2849", }, { cve: "CVE-2020-7760", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-764778", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2020-7760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-7760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-764778", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-257324", ], }, ], title: "CVE-2020-7760", }, { cve: "CVE-2020-13956", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-228391", "CSAFPID-764778", "CSAFPID-220546", "CSAFPID-9197", "CSAFPID-764929", "CSAFPID-764930", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-1503574", "CSAFPID-257324", "CSAFPID-135810", ], }, references: [ { category: "self", summary: "CVE-2020-13956", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-228391", "CSAFPID-764778", "CSAFPID-220546", "CSAFPID-9197", "CSAFPID-764929", "CSAFPID-764930", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-1503574", "CSAFPID-257324", "CSAFPID-135810", ], }, ], title: "CVE-2020-13956", }, { cve: "CVE-2020-28975", product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2020-28975", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-28975.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2020-28975", }, { cve: "CVE-2021-23926", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9493", "CSAFPID-764778", "CSAFPID-228391", "CSAFPID-135810", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-220546", "CSAFPID-9197", "CSAFPID-764929", "CSAFPID-764930", ], }, references: [ { category: "self", summary: "CVE-2021-23926", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23926.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9493", "CSAFPID-764778", "CSAFPID-228391", "CSAFPID-135810", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-220546", "CSAFPID-9197", "CSAFPID-764929", "CSAFPID-764930", ], }, ], title: "CVE-2021-23926", }, { cve: "CVE-2021-33813", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9197", "CSAFPID-9493", "CSAFPID-228391", "CSAFPID-764778", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-135810", ], }, references: [ { category: "self", summary: "CVE-2021-33813", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33813.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9197", "CSAFPID-9493", "CSAFPID-228391", "CSAFPID-764778", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-135810", ], }, ], title: "CVE-2021-33813", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9493", "CSAFPID-764778", "CSAFPID-228391", "CSAFPID-135810", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", ], }, references: [ { category: "self", summary: "CVE-2022-40150", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40150.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9493", "CSAFPID-764778", "CSAFPID-228391", "CSAFPID-135810", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", ], }, ], title: "CVE-2022-40150", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "other", text: "Creation of Temporary File in Directory with Insecure Permissions", title: "CWE-379", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-4785", cwe: { id: "CWE-248", name: "Uncaught Exception", }, notes: [ { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-4785", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4785.json", }, ], title: "CVE-2023-4785", }, { cve: "CVE-2023-7272", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-7272", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7272.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2023-7272", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "other", text: "CWE-399", title: "CWE-399", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-764778", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-135810", ], }, references: [ { category: "self", summary: "CVE-2023-24998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json", }, ], title: "CVE-2023-24998", }, { cve: "CVE-2023-25399", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], product_status: { known_affected: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-25399", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-25399.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, ], title: "CVE-2023-25399", }, { cve: "CVE-2023-29824", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-29824", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29824.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, ], title: "CVE-2023-29824", }, { cve: "CVE-2023-32732", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, notes: [ { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-32732", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32732.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2023-32732", }, { cve: "CVE-2023-33202", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1650735", "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-33202", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33202.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650735", "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, ], title: "CVE-2023-33202", }, { cve: "CVE-2023-33953", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "other", text: "Memory Allocation with Excessive Size Value", title: "CWE-789", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-33953", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33953.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2023-33953", }, { cve: "CVE-2023-43804", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-43804", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43804.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, ], title: "CVE-2023-43804", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-45803", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-45803", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45803.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, ], title: "CVE-2023-45803", }, { cve: "CVE-2023-50782", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, notes: [ { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-50782", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50782.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, ], title: "CVE-2023-50782", }, { cve: "CVE-2024-0727", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-135810", "CSAFPID-1650736", "CSAFPID-257324", "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", ], }, references: [ { category: "self", summary: "CVE-2024-0727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-135810", "CSAFPID-1650736", "CSAFPID-257324", "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", ], }, ], title: "CVE-2024-0727", }, { cve: "CVE-2024-1135", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-1135", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1135.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2024-1135", }, { cve: "CVE-2024-4741", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-1650736", "CSAFPID-257324", "CSAFPID-135810", ], }, references: [ { category: "self", summary: "CVE-2024-4741", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json", }, ], title: "CVE-2024-4741", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-135810", "CSAFPID-1650736", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-135810", "CSAFPID-1650736", "CSAFPID-257324", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-220560", "CSAFPID-1673195", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-220560", "CSAFPID-1673195", "CSAFPID-257324", ], }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-22195", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-22195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22195.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, ], title: "CVE-2024-22195", }, { cve: "CVE-2024-26130", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-26130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, ], title: "CVE-2024-26130", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-220560", "CSAFPID-1673195", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-220560", "CSAFPID-1673195", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29131", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-257324", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-1650736", ], }, references: [ { category: "self", summary: "CVE-2024-29131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-257324", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-1650736", ], }, ], title: "CVE-2024-29131", }, { cve: "CVE-2024-34064", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-34064", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-257324", ], }, ], title: "CVE-2024-34064", }, { cve: "CVE-2024-35195", cwe: { id: "CWE-670", name: "Always-Incorrect Control Flow Implementation", }, notes: [ { category: "other", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-35195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json", }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2024-35195", }, { cve: "CVE-2024-36114", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-36114", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, ], title: "CVE-2024-36114", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38809", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-220560", "CSAFPID-1673195", "CSAFPID-1650736", "CSAFPID-257324", "CSAFPID-135810", ], }, references: [ { category: "self", summary: "CVE-2024-38809", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-220560", "CSAFPID-1673195", "CSAFPID-1650736", "CSAFPID-257324", "CSAFPID-135810", ], }, ], title: "CVE-2024-38809", }, { cve: "CVE-2024-38820", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-220560", "CSAFPID-1673195", ], }, references: [ { category: "self", summary: "CVE-2024-38820", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220560", "CSAFPID-1673195", ], }, ], title: "CVE-2024-38820", }, { cve: "CVE-2024-43382", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "other", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "other", text: "Inadequate Encryption Strength", title: "CWE-326", }, ], product_status: { known_affected: [ "CSAFPID-220560", "CSAFPID-1673195", ], }, references: [ { category: "self", summary: "CVE-2024-43382", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43382.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-220560", "CSAFPID-1673195", ], }, ], title: "CVE-2024-43382", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2025-21532", product_status: { known_affected: [ "CSAFPID-1751157", ], }, references: [ { category: "self", summary: "CVE-2025-21532", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21532.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751157", ], }, ], title: "CVE-2025-21532", }, ], }
fkie_cve-2024-47561
Vulnerability from fkie_nvd
Published
2024-10-03 11:15
Modified
2024-11-21 09:39
Severity ?
Summary
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.", }, { lang: "es", value: "El análisis de esquemas en el SDK de Java de Apache Avro 1.11.3 y versiones anteriores permite que actores maliciosos ejecuten código arbitrario. Se recomienda a los usuarios actualizar a la versión 1.11.4 o 1.12.0, que solucionan este problema.", }, ], id: "CVE-2024-47561", lastModified: "2024-11-21T09:39:54.757", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 9.2, baseSeverity: "CRITICAL", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "security@apache.org", type: "Secondary", }, ], }, published: "2024-10-03T11:15:13.510", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/10/03/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20241011-0003/", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "security@apache.org", type: "Secondary", }, ], }
ghsa-r7pg-v2c8-mfg3
Vulnerability from github
Published
2024-10-03 12:30
Modified
2024-10-08 14:51
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Details
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
{ affected: [ { package: { ecosystem: "Maven", name: "org.apache.avro:avro", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "1.11.4", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-47561", ], database_specific: { cwe_ids: [ "CWE-502", ], github_reviewed: true, github_reviewed_at: "2024-10-03T16:52:52Z", nvd_published_at: "2024-10-03T11:15:13Z", severity: "CRITICAL", }, details: "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.", id: "GHSA-r7pg-v2c8-mfg3", modified: "2024-10-08T14:51:58Z", published: "2024-10-03T12:30:48Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", }, { type: "WEB", url: "https://github.com/apache/avro/pull/2934", }, { type: "WEB", url: "https://github.com/apache/avro/pull/2980", }, { type: "WEB", url: "https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900", }, { type: "WEB", url: "https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285", }, { type: "PACKAGE", url: "https://github.com/apache/avro", }, { type: "WEB", url: "https://issues.apache.org/jira/browse/AVRO-3985", }, { type: "WEB", url: "https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x", }, { type: "WEB", url: "https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html", }, { type: "WEB", url: "https://www.openwall.com/lists/oss-security/2024/10/03/1", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", type: "CVSS_V4", }, ], summary: "Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.